proxied EAP and eduroam project
Stefan Winter
stefan.winter at restena.lu
Tue Feb 19 10:04:13 CET 2008
Hi,
> unless using very old method like EAP-MD5.
which is forbidden in the eduroam policy anyway. For the exact reason of not
providing sufficient security (no mutual authentication).
> looking to the future, RADSEC will be involved in 'beefing up'
> the RADIUS to RADIUS communication channel. as well as the
> automatic assignment/discovery of AAA end point systems.
RadSec is RADIUS over TCP+TLS. This means that the attributes which are
unencrypted in RADIUS (User-Name, Calling-Station-Id, ...) will be hidden
inside a TLS tunnel and will only be visible to the RADIUS servers involved
in proxying, not any IP node underway as is current with RADIUS alone.
Concerning RadSec, you might like to read the current Internet-Draft:
http://www.ietf.org/internet-drafts/draft-winter-radsec-01.txt
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
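
Added example, not part of the original message: a minimal parser for the RADIUS attribute encoding (RFC 2865) showing that User-Name and Calling-Station-Id can be read from the raw UDP payload without the shared secret, which is the exposure a TLS tunnel removes. The packet, identity and MAC address are constructed sample values.

```python
import struct

# Attribute type numbers from RFC 2865 for the two attributes named above
ATTR_NAMES = {1: "User-Name", 31: "Calling-Station-Id"}

def build_access_request(identifier, authenticator, attrs):
    """Encode a RADIUS Access-Request (code 1) from (type, value-bytes) pairs."""
    body = b""
    for atype, value in attrs:
        if len(value) > 253:
            raise ValueError("attribute value too long")
        body += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", 1, identifier, 20 + len(body)) + authenticator + body

def parse_attributes(packet):
    """Return [(type, value)] exactly as any node holding the raw payload sees it."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20          # attributes start after the 20-byte header
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def visible_identifiers(packet):
    """Map attribute name to cleartext value; no shared secret is needed."""
    return {ATTR_NAMES[t]: v.decode("utf-8", "replace")
            for t, v in parse_attributes(packet) if t in ATTR_NAMES}

# Constructed sample packet (not captured traffic); all-zero authenticator
SAMPLE = build_access_request(
    7, bytes(16),
    [(1, b"alice@example.org"), (31, b"02-00-00-00-00-01")],
)

if __name__ == "__main__":
    for name, value in visible_identifiers(SAMPLE).items():
        print(f"{name}: {value}")
```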