Sam,
So, my question to you is what is driving this work besides a desire to be good security citizens?
Well, besides that, some folks at Cisco expressed a desire to replace the crypto elements of RADIUS (e.g. key wrap, MAC, etc.) with algorithms and modes that would allow systems including RADIUS to receive FIPS certification, for solutions in government and financial services markets.
Additionally, the folks behind the EduRoam consortium in Europe have deployed RADIUS over TLS for inter-university roaming authentication.
There may be other use cases. I encourage anyone on the RADEXT list to add their perspective.
-- to unsubscribe send a message to radiusext-request@ops.ietf.org with the word 'unsubscribe' in a single line as the message text body. archive: <http://psg.com/lists/radiusext/>