First steps towards RadSec support
alex at digriz.org.uk
Fri Sep 18 14:42:25 CEST 2009
Arran Cudbard-Bell <A.Cudbard-Bell at sussex.ac.uk> wrote:
> On 17/09/2009 20:11, Alan DeKok wrote:
>> Alexander Clouter wrote:
>>> Just thinking out loud, but RADIUS over SCTP I would have thought would
>>> be been more appropriate than TCP (as RFC3436 describes SCTP with TLS)
>>> with the multiplexing of sessions being built in?
>> Yes. But that's even more work....
>>> Would mean your ID field limitation could be removed...
>> We could do that with RADIUS over TCP. But that's another story...
> Wasn't one of the points in the RFC that TCP is mature and implemented
> properly in most modern operating systems...
So because something is new we should overlook that it was designed to
avoid some of the pitfuls of TCP (for example one session per
connection, with SCTP you get the multiplexing for free) and instead we
should just ignore it?
I have heard (making statements without references) that SCTP is pretty
handy in the cases of VoIP and gaming.
To me, the proxying of requests, especially EAP, made with FreeRADIUS
fits in perfectly with SCTP built in multiplexing....of course it would
run against the grain probably with all the UDP session handling
malarkey in there already.
Of course, someone needs to produce patches...RFCs...and so on. As that
person is not me...I'll leave that along side with all my other
ponderings...like why the IEEE decided that not using Token Ring-esque
stuff for wifi was a Good Idea(tm) :-/
Just thinking out loud... :)
 along a similar vain I guess folk thought "well Ethernet is simpler
and more 'mature' than Token Ring"....'yay' :-/
.sigmonster says: BOFH excuse #130:
More information about the Freeradius-Users