
Re: Consensus Call on RADEXT WG re-charter



On Tuesday 15 April 2008 22:54, David B. Nelson wrote:
> Matt Holdrege wrote:
> > As far as backwards compatibility is concerned, I hope everyone realizes
> > that RADIUS is an extremely well installed **SERVICE** and a completely
> > new **SERVICE** would be a waste of everyone’s time. People can scream
> > and yell about having to twiddle bits in their servers and proxies but I
> > don’t care. It is the clients that you should really be concerned with.
>
> Right.  While I think the RADSEC folks indicate they have some client
> implementations, my impression of the work is that it's more useful
> between the first-hop proxy and the home server.
>
> For the RADSEC folks: Is there any reason that the first-hop proxy
> couldn't terminate a RADIUS (RADIUS over UDP) session with the NAS and
> originate a RADSEC (RADIUS over TLS/TCP) session with the up-stream
> proxies or home server?

That's a very common model which is permitted by the spec and supported by our
implementation (at least), with the view of protecting the traffic while it
traverses the internet but without requiring RadSec-capable clients.

Cheers.

>
>
>
> --
> to unsubscribe send a message to radiusext-request@ops.ietf.org with
> the word 'unsubscribe' in a single line as the message text body.
> archive: <http://psg.com/lists/radiusext/>

-- 
Mike McCauley                               mikem@open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
