Hello,

there is a new version of the RadSec draft available under

http://www.ietf.org/internet-drafts/draft-winter-radsec-01.txt

It contains the changes which were announced in IETF70 in Vancouver. The two main points are:

- mention TLS with shared secrets as a possible means of establishing the TLS tunnel (though no implementations currently offer that option)

- the CA selection during the TLS handshake. This was presented in the Vancouver meeting, but the problem has two sides: server-to-client signalling of acceptable CAs can be signalled with TLS 1.1, as presented in the Vancouver meeting. The other way round, client-to-server signalling, is not possible with TLS 1.1. There is ongoing work in the tls working group though, http://www.ietf.org/internet-drafts/draft-ietf-tls-rfc4366-bis-01.txt , which will allow a Trusted CA indication later. A note that this signalling is the suggested behaviour as soon as that draft is ratified is added in the current radsec draft.

Greetings,

Stefan Winter

--
Stefan WINTER
RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de la Recherche
R&D Engineer
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

email: stefan.winter@restena.lu
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473