First steps towards RadSec support

Alexander Clouter alex at
Fri Sep 18 14:42:25 CEST 2009

Arran Cudbard-Bell <A.Cudbard-Bell at> wrote:
> On 17/09/2009 20:11, Alan DeKok wrote:
>> Alexander Clouter wrote:
>>> Just thinking out loud, but RADIUS over SCTP I would have thought would 
>>> be been more appropriate than TCP (as RFC3436 describes SCTP with TLS) 
>>> with the multiplexing of sessions being built in?  
>>   Yes.  But that's even more work....
>>> Would mean your ID field limitation could be removed...
>>   We could do that with RADIUS over TCP.  But that's another story...
> Wasn't one of the points in the RFC that TCP is mature and implemented 
> properly in most modern operating systems...
So because something is new we should overlook that it was designed to 
avoid some of the pitfuls of TCP (for example one session per 
connection, with SCTP you get the multiplexing for free) and instead we 
should just ignore it?

I have heard (making statements without references) that SCTP is pretty 
handy in the cases of VoIP and gaming.

To me, the proxying of requests, especially EAP, made with FreeRADIUS 
fits in perfectly with SCTP built in multiplexing....of course it would 
run against the grain probably with all the UDP session handling 
malarkey in there already.

Of course, someone needs to produce patches...RFCs...and so on.  As that 
person is not me...I'll leave that along side with all my other why the IEEE decided that not using Token Ring-esque 
stuff for wifi was a Good Idea(tm)[1] :-/

Just thinking out loud... :)


[1] along a similar vain I guess folk thought "well Ethernet is simpler 
	and more 'mature' than Token Ring"....'yay' :-/

Alexander Clouter
.sigmonster says: BOFH excuse #130:
                  new management

More information about the Freeradius-Users mailing list