RadSec

RadSec is a protocol for transporting RADIUS datagrams over TCP and TLS. The RADIUS protocol is a widely deployed authentication and authorization protocol. The supplementary RADIUS Accounting specification^[1] also provides accounting mechanisms, thus delivering a full AAA protocol solution. However, RADIUS is experiencing two major shortcomings as time passes since its initial design: its dependency on the unreliable transport protocol UDP and the lack of security for large parts of its packet payload. Specifically, for the latter, RADIUS security is based on the MD5 algorithm, which has been proven to be insecure.

The main focus of RadSec is to provide a means to secure the communication between RADIUS/TCP peers on the transport layer. The most important use of RadSec lies in roaming environments where RADIUS packets need to be transferred through different administrative domains and untrusted, potentially hostile networks. An example for a world-wide roaming environment that uses RadSec to secure communication is eduroam.^[2]

The "RADIUS Extensions" working group^[3] of the Internet Engineering Task Force (IETF) specified RadSec in RFC 6614.

References

0.00

(0 votes)

Original source: https://en.wikipedia.org/wiki/RadSec. Read more

[1] "RFC2866: RADIUS Accounting". http://tools.ietf.org/html/rfc2866.

[2] "eduroam". http://www.eduroam.org.

[3] "RADIUS Extensions Working Group charter". http://www.ietf.org/html.charters/radext-charter.html.

[1]

[2]

[3]

Anonymous

Search

RadSec

Namespaces

More

Page actions

References

Navigation

Navigation

Help

Translate

Wiki tools

Wiki tools

Anonymous

Search

RadSec

References

Navigation

Wiki tools

Page tools

Other projects

Categories