Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, radext mailing list <email@example.com>, radext chair <firstname.lastname@example.org>
Subject: Document Action: 'DTLS as a Transport Layer for RADIUS' to Experimental RFC (draft-ietf-radext-dtls-13.txt)

The IESG has approved the following document:
- 'DTLS as a Transport Layer for RADIUS' (draft-ietf-radext-dtls-13.txt) as Experimental RFC

This document is the product of the RADIUS EXTensions Working Group.

The IESG contact persons are Benoit Claise and Joel Jaeggli.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-radext-dtls/

Technical Summary

This document specifies how the DTLS protocol may be used as a fix for security issues RADIUS has, namely authentication and encryption of RADIUS packets. The document also describes how implementations of the proposed solution can co-exist with current RADIUS systems.

Working Group Summary

The solution is the result of a long process in the WG. One of the last sticking issues was multiplexing of DTLS and RADIUS over port 1812. The WG decided against multiplexing, and DTLS can only be used on the existing RADSEC port. The WG has reached a consensus on the entire documented protocol.

Document Quality

There are two known implementations and one planned (if not done already).

Personnel

Jouni Korhonen (email@example.com) is the document shepherd. Benoit Claise (firstname.lastname@example.org) is the responsible AD.