[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [eap] RE: [Isms] RADIUS is not a trusted third party
> The use of RADIUS itself without a defined extension such as EAP-TLS or
> EAP-PEAP over RADIUS cannot securely pass attributes between entities. Note
> that the defined EAP-TLS (or other EAP mechanisms) over RADIUS provides for
> secure attribute passing between entities even through proxies.
EAP does not affect how RADIUS attributes are passed, nor does it enable
the passing of RADIUS attributes between the EAP peer and server. So as
far as RADIUS attributes are concerned, what EAP method is used, or
whether EAP is used does not affect RADIUS security, except that an
EAP-Message attribute is included in the messages.
Also, EAP-TLS does not permit passing of TLVs between the peer and server;
this is only allowed in tunneled mechanisms such as EAP-TTLS and PEAP.
--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>