spaces.at.internet2.edu has been upgraded to Confluence 6.15.10. If you have any questions and/or concerns, please contact us at techsupport@internet2.edu
Skip to end of metadata
Go to start of metadata

RADSEC is next-generation RADIUS transport which relies on TCP and TLS for reliable and secure transport with integrity verification.  Deployment of RADSEC will likely come in two phases:  Initially the eduroam infrastructure will deploy RADSEC for infrastructure validation, in which case TLS replaces shared RADIUS secrets.  The second-phase of RADSEC deployment will replace the current hierarchical structure of eduroam with a Peer-to-Peer model as outlined in this IETF working group document.

Currently RADSEC support is integrated into Radiator and FreeRADIUS support is forthcoming. To aid in integration of RADSEC with existing infrastructure the radsecproxy tool has been created by UNINETT (Norway) to provide RADSEC infrastructure while proxying to non-RADSEC aware RADIUS servers.

For technical information on RADSEC and dynamic discovery for RADSEC please see [4] and [5] below:

  1. GEANT2 report on RADSEC
  2. Open Source Consultants Whitepaper on RADSEC
  3. radsecproxy homepage
  4. TLS encryption for RADIUS over TCP (RadSec)
  5. NAI-based Dynamic Peer Discovery for RADIUS over TLS and DTLS
  • No labels