[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [eap] RE: [Isms] RADIUS is not a trusted third party
Martin Soukup said:
> The use of RADIUS itself without a defined extension such as EAP-TLS
> or EAP-PEAP over RADIUS cannot securely pass attributes between
> entities. Note that the defined EAP-TLS (or other EAP mechanisms)
> over RADIUS provides for secure attribute passing between entities
> even through proxies.
In response to which, Glen Zorn spake thusly:
> I thought that I was passing familiar w/EAP-TLS (and even more so
> w/PEAP), but I am completely unaware of such capabilities. Would
> you mind explaining how this is achieved, given that RADIUS & EAP
> are completely different protocols?
I also was unaware of the ability of EAP-TLS to transmit RADIUS attributes
between the EAP peer and server. I had always thought RADIUS was a
protocol only spoken between a NAS and a RADIUS server, and that EAP-TLS
didn't support transmission of TLVs. But I guess this is a somewhat old
fashioned point of view.
Perhaps this is referring to EAP-TLS "extended" via the following?
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.