[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Internet Draft: RadSec - RADIUS over TCP+TLS

To: radiusext@ops.ietf.org
Subject: Internet Draft: RadSec - RADIUS over TCP+TLS
From: Stefan Winter <stefan.winter@restena.lu>
Date: Fri, 29 Jun 2007 08:13:18 +0200
Organization: Fondation RESTENA
User-agent: KMail/1.9.6

Hello!

My name is Stefan Winter of the Luxembourg Research and Education Network.
Together with Stig Venaas (Norwegian REN) and Mike McCauley from Open Systems 
Consultants (creators of the Radiator RADIUS server) I have created an 
internet draft describing two implementations of a transport profile for 
RADIUS that transports the RADIUS payload over a TCP+TLS link.

The draft was submitted yesterday; it will soon be available here: 
http://www.ietf.org/internet-drafts/draft-winter-radsec-00.txt

Before that, it can be downloaded from
http://www.eduroam.lu/files/draft-winter-radsec-00.txt

The reason for writing this draft is that two implementations of this 
transport profile exist (OSC's Radiator and Stig's radsecproxy) and have been 
proven to interoperate. The Research and Education Networks in Europe operate 
an international Wireless LAN roaming infrastructure, and we see the need to 
improve the RADIUS proxy chain both security-wise and reliability-wise. 
RadSec is a solution to most of our specific problems with RADIUS that showed 
up over time in the proxy hierarchy (including, but not limited to the problem 
of not knowing how to react when downstream proxies are unresponsive, as 
discussed on this list recently). A description the problems we faced, of 
both implementations and the roaming infrastructure ("eduroam") is contained 
in the draft, along with a short explanation why Diameter is not an option 
for us at this time.

Taking a look at this wg's charter, it is crystal clear that the draft is not 
going to be a work item since the charter explicitly excludes work on new 
transport profiles and security mechanisms. So this draft is meant as an 
independent submission, with the goal of making the document an Informational 
RFC, since it describes existing interoperable software and the information 
therein may be beneficial for the internet community. Still, this wg is 
probably the largest gathering of RADIUS experts around the globe, and I 
invite any interested individuals to give feedback on the draft, it will be 
highly appreciated.

Thanks for listening,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>

Follow-Ups:
- Re: Internet Draft: RadSec - RADIUS over TCP+TLS
  - From: Victor Gamov <vit@lipetsk.ru>

Prev by Date: Re: New version of RADIUS WLAN document
Next by Date: FW: PRELIMINARY Agenda and Package for July 5, 2007 Telechat
Previous by thread: Proposed Resolution to Issue 230: RFC 4590bis Last Call Comments
Next by thread: Re: Internet Draft: RadSec - RADIUS over TCP+TLS
Index(es):
- Date
- Thread