
Re: Continued discussion of RADIUS Crypto-Agility



Bernard Aboba wrote:
>> You can use x509 as a key-only mechanism too. Just configure
>> each radius endpoint with a self-signed cert and use the (say)
>> fingerprint to express trust. That is equivalent (in terms of
>> the work involved) to a shared-secret database and can be
>> automated (in tools) almost the same way.
>
> Is this something that current RADSEC implementations support?
>
>
>
I can't be absolutely sure, but since OpenSSL has hooks for certificate
validation, it would be a no-brainer to put it in.

    Cheers Leif

--
archive: <http://psg.com/lists/radiusext/>
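
The fingerprint-as-trust setup described in the quoted text, as an added example that is not part of the thread and not code from any RADSEC implementation: each peer name maps to the SHA-256 fingerprint of its self-signed certificate, much as a shared-secret table maps peers to secrets. It uses Python's `ssl` module rather than OpenSSL's validation hooks directly; the pin-file format, function names and sample data are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def normalize(fp: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' and return 64 lowercase hex digits."""
    fp = fp.replace(":", "").strip().lower()
    if len(fp) != 64 or any(c not in "0123456789abcdef" for c in fp):
        raise ValueError("not a SHA-256 fingerprint")
    return fp

def load_pins(text: str) -> dict:
    """Parse '<peer-name> <fingerprint>' lines; '#' starts a comment."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, fp = line.split()
            pins[name] = normalize(fp)
    return pins

def peer_is_trusted(pins: dict, name: str, der_cert) -> bool:
    """True only if the peer sent a cert whose fingerprint matches its pin."""
    expected = pins.get(name)
    if expected is None or not der_cert:
        return False
    return hmac.compare_digest(expected, fingerprint(der_cert))

def connect_pinned(pins: dict, name: str, port: int) -> ssl.SSLSocket:
    """Client side: no CA path validation; the pin is the only trust anchor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    tls = ctx.wrap_socket(socket.create_connection((name, port)))
    if not peer_is_trusted(pins, name, tls.getpeercert(binary_form=True)):
        tls.close()  # refuse before any RADIUS data is sent
        raise ssl.SSLError("peer certificate does not match its configured pin")
    return tls

# Constructed sample data: stand-in bytes, not a real certificate.
SAMPLE_DER = b"constructed stand-in for nas1's DER-encoded certificate"
SAMPLE_PINS = "# peer  sha256\nnas1.example.net " + fingerprint(SAMPLE_DER).upper()
```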