
RE: Meaning of "backward compatible" WAS RE: Consensus Call on RADEXT WG re-charter



-----Original Message-----
From: David B. Nelson [mailto:dnelson@elbrysnetworks.com] 
Sent: Wednesday, April 16, 2008 7:51 PM

Matt Holdrege writes...

> RADIUS has always used UDP and perhaps a lot of developers have 
> counted on that and never developed their products to be socket
> layer neutral.

This is quite possible.

> Not to mention that a firmware change of clients is not really 
> an option in most cases.

My personal (individual WG member) opinion is that the RADSEC work is
interesting for proxy-to-proxy and proxy-to-home-server usages.  I think
that it would be fairly rare to see it in NAS-to-server or NAS-to-proxy
cases.  That takes most of the "sting" out of the "wedded-to-UDP" issues
with NAS-based client implementations.  I think of proxies as being a server
and client glued together, BTW.

--------------------------------------------------------------

OK, that's fine, but then if *real* RADIUS clients aren't really a part
of this effort, then why is it in this WG? I assume you have some reason
for not using IETF recommended IPsec to secure proxy-to-proxy data? If
so, why don't you create another proxy-server to proxy-server encryption
protocol?

Sorry, I expect this has been discussed before already. If so, disregard
my question.

-Matt


--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>