Re: [radext] New Draft for RADIUS Attribute Security

Alan DeKok <aland@deployingradius.com> Sat, 18 February 2017 13:22 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/radext/9sY1Ynl0WTOl6Wkx0Ee3wSUGEKo>

On Feb 17, 2017, at 7:41 AM, <Aravind.Sridharan@dell.com> <Aravind.Sridharan@dell.com> wrote:
> We have proposed a new draft for RADIUS Attribute Security.

  My $0.02: use TLS with a pre-shared key.  While this requires a TLS implementation on the client, the administration overhead is exactly the same as for traditional RADIUS shared secrets.

  And TLS isn't much of an overhead any more.  While OpenSSL is huge, there are many other small / embedded SSL libraries.  Any modern RADIUS client should be able to handle TLS without much difficulty.

  Alan DeKok.