does freeradius support key-wrap
Michael Martinez
mwtzzz at gmail.com
Sun Apr 10 18:38:48 CEST 2016
Ok, I have more context for my question:
Does Freeradius support something similar to Cisco's use of key-wrap
as defined in https://tools.ietf.org/html/draft-zorn-radius-keywrap-18
?
In their implementation they define a way to securely transmit
cryptographic keying material (such as from an EAP conversation)
between NAS and Radius server using a keywrap around the keying
material to protect encryption key distribution.
Supposedly this "protects" a man-in-the-middle from grabbing the EAP
keys? I'm not sure how this increases security because you can't do
anything with the public keys anyway. But I suppose it's a "stronger"
way of encrypting that information as opposed to the standard hash
that's currently done.
The reason I'm asking, I'm doing some contract work for a university.
The bosses want to know, presumably because they have some compliance
requirements they need to satisfy.
I see a few past discussions of this from the mailing list, but no
clear answer on whether freeradius does this.
--
---
Michael Martinez
http://www.michael--martinez.com