Skip to Main Content
RADIUS
book

RADIUS

by Jonathan Hassell
October 2002
Intermediate to advanced content levelIntermediate to advanced
206 pages
8h 30m
English
O'Reilly Media, Inc.
Content preview from RADIUS

Modifying the RADIUS Protocol

It may be frustrating to have to employ workarounds to inherent deficiencies in the RADIUS protocol. As informed, knowledgeable RADIUS users (and you are knowledgeable now that you are reading this book), we need to push for a protocol revision. Joshua Hill, of InfoGard Laboratories, eloquently makes a case for a revision in the following mini-essay.

So, why attempt to modify RADIUS at all? Why not just go to another (presumably more modern and more secure) protocol? Well, for the most part, the answer is, “because such a protocol doesn’t currently exist.” In the near future, however, Diameter is likely to be released by the IETF.

Diameter is the planned RADIUS replacement. The great majority of all the protocol work that has gone into Diameter has been directed at removing some of the functional limitations imposed by the RADIUS protocol. Effectively, no work has been done that relates to the client/server security of the protocol. (CMS is defined, but this is a security layer for the proxy to proxy interaction, not the client to proxy/server interaction.)

So, does this mean that they continue to use even RADIUS’ ad hoc system? No: they removed all security functionality from the protocol. In essence, the developers did the protocol designer’s equivalent of punting. Section 2.2 of the current Diameter protocol spec says:

"Diameter clients, such as Network Access Servers (NASes) and Foreign Agents MUST support IP Security, and MAY support TLS. Diameter ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition

TCP/IP Illustrated, Volume 1: The Protocols, 2nd Edition

Kevin R. Fall, W. Richard Stevens
TCP/IP Guide

TCP/IP Guide

Charles M. Kozierok

Publisher Resources

ISBN: 0596003226Errata Page