RadSec

Add links
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 109.43.19.230 (talk) at 19:22, 31 March 2015 (RadSec is now a RFC, this article still needs some more work). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

RadSec is a protocol for transporting RADIUS datagrams over TCP and TLS.

The RADIUS protocol is a widely deployed authentication and authorization protocol. The supplementary RADIUS Accounting specification[1] also provides accounting mechanisms, thus delivering a full AAA protocol solution. However, RADIUS is experiencing two major shortcomings as time passes since its initial design: its dependency on the unreliable transport protocol UDP and the lack of security for large parts of its packet payload. Specifically, for the latter, RADIUS security is based on the MD5 algorithm, which has been proven to be insecure.

The main focus of RadSec is to provide a means to secure the communication between RADIUS/TCP peers on the transport layer. The most important use of RadSec lies in roaming environments where RADIUS packets need to be transferred through different administrative domains and untrusted, potentially hostile networks. An example for a world-wide roaming environment that uses RadSec to secure communication is eduroam.[2]

The "RADIUS Extensions" working group[3] of the Internet Engineering Task Force (IETF) specified RadSec in RFC 6614.

References

  1. ^ "RFC2866: RADIUS Accounting".
  2. ^ "eduroam".
  3. ^ "RADIUS Extensions Working Group charter".
Retrieved from "https://en.wikipedia.org/w/index.php?title=RadSec&oldid=654383770"