(RADIATOR) Secure reliable Radius?
Neil Quiogue
neil at quiogue.com
Wed Feb 2 03:08:09 CST 2005
Hello Mike,
I'm just curious on one point.
Would it open a persistent connection (up to a certain number)
or would you open a connection for each RADIUS request? The
problem I see is the time it takes to tear down a TCP connection
might affect the number of connections it can handle (and of
course the usual file handles issue) and of course performance.
Regards,
Neil Quiogue
Wednesday, February 2, 2005, 2:36:51 PM, you wrote:
MM> Hi All,
MM> we are thinking here about a new idea for Radiator, and wondering if anyone
MM> else finds it interesting and perhaps useful.
MM> We are thinking of a new AuthBy RELIABLERADIUS which would open a TCP
MM> connection to a remote Radiator and send Radius packets over a TCP transport
MM> instead of UDP. The remote Radiator would have a Server RELIABLERADIUS to
MM> listen for such requests.
MM> Clearly, such a TCP connection could also be secured with SSL or TLS, using
MM> client and/or server certificates to authenticate each end and encrypt the
MM> Radius traffic too.
MM> The benefits of this would be:
MM> 1. No more lost packets
MM> 2. High security encryption of Radius traffic
MM> 3. mutual authentication of each end of the tcp transport.
MM> Obviously this provides some of the features that are part of Diameter, and
MM> our forthcoming raDiameter product will include these too, but in the
MM> meantime....
MM> anyone interested?
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list