Datagram Transport Layer Security as a Transport Layer for RADIUS
RFC 7360, “Datagram Transport Layer Security as a Transport Layer for RADIUS”, is an Experimental document published in September 2014 by A. DeKok. It has since been updated by RFC 9765. The canonical text is published by the RFC Editor.
Abstract
The RADIUS protocol defined in RFC 2865 has limited support for authentication and encryption of RADIUS packets. The protocol transports data in the clear, although some parts of the packets can have obfuscated content. Packets may be replayed verbatim by an attacker, and client-server authentication is based on fixed shared secrets. This document specifies how the Datagram Transport Layer Security (DTLS) protocol may be used as a fix for these problems. It also describes how implementations of this proposal can coexist with current RADIUS systems.
What “Experimental” means
An Experimental RFC describes a specification that is part of a research or development effort, published so the community can gain experience with it.
The canonical text of RFC 7360 is hosted at rfc-editor.org and is available in TXT and HTML.