Hi,

> Good point. On that note, it seems that RadSec (as currently specified)
> creates one new option but eliminates another. Would it be worthwhile
> defining RADIUS over TCP, & then how to use TLS to protect it?

That sounds good to me. In some earlier offline discussions I also heard of people wanting to do RADIUS-over-SSH-TCP-port-forwarding. Not my personal favourite, but still.

The idea would then be to have one document about:

- identifying parts of 2865 that are of relevance for UDP only
- how to replace those UDP transport specifics with TCP

and another document about

- using (D)TLS to secure the payload (where I would hope that DTLS and TLS have enough similarities to warrant being put into one document. Not sure about that though.)

RadSec would then be the application of both in conjunction. Does that sound acceptable?

Greetings,

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter@restena.lu
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473