User:Kickdown/RadSec

RadSec
RadSec [1] is an Internet protocol for transporting RADIUS datagrams over TCP and TLS.

The RADIUS protocol [2] is a widely deployed authentication and authorisation protocol. The supplementary RADIUS Accounting specification [3] also provides accounting mechanisms, thus delivering a full AAA solution. However, RADIUS has several shortcomings, such as its dependency on the unreliable transport protocol UDP and the lack of security for large parts of its packet payload. RADIUS security is based on the MD5 algorithm, which has been proven to be insecure.
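The following Python sketch is an added example, not part of the original page. It builds an Access-Request using the RFC 2865 encoding to show that MD5 hides only the User-Password attribute, while every other attribute can be decoded without the shared secret. The user name, NAS identifier, password and shared secret are constructed sample values.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32  # RFC 2865 attribute types

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with an MD5-derived key."""
    n = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16
    padded = password.ljust(n, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, n, 16):
        key = hashlib.md5(secret + prev).digest()  # MD5 is the only primitive
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += block
        prev = block                               # chain on the ciphertext
    return out

def build_access_request(ident: int, authenticator: bytes, attrs) -> bytes:
    """Code 1 (Access-Request), identifier, length, authenticator, TLVs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_attributes(packet: bytes) -> dict:
    """Decode the TLVs with no shared secret, as any on-path device can."""
    length = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def demo():
    # All values below are constructed for illustration.
    secret = b"constructed-shared-secret"
    authenticator = os.urandom(16)
    packet = build_access_request(7, authenticator, [
        (USER_NAME, b"alice@example.org"),
        (USER_PASSWORD, hide_password(b"correct horse", secret, authenticator)),
        (NAS_IDENTIFIER, b"ap-lobby-01"),
    ])
    return packet, parse_attributes(packet)

if __name__ == "__main__":
    print(demo()[1])  # User-Name and NAS-Identifier appear in clear text
```

Carrying the same packet inside a TLS session, as RadSec does, protects the whole datagram rather than a single attribute.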

The main focus of RadSec is to provide a means to secure the communication between RADIUS/TCP peers on the transport layer. The most important use of RadSec lies in roaming environments where RADIUS packets need to be transferred through different administrative domains and untrusted, potentially hostile networks. An example of a world-wide roaming environment that uses RadSec to secure communication is "eduroam"; see [4].