RFC 7360

Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS, September 2014

Status: EXPERIMENTAL
Author: A. DeKok
Stream: IETF
Source: radext (sec)


DOI:  https://doi.org/10.17487/RFC7360

Discuss this RFC: Send questions or comments to the mailing list radext@ietf.org



Abstract

The RADIUS protocol defined in RFC 2865 has limited support for authentication and encryption of RADIUS packets. The protocol transports data in the clear, although some parts of the packets can have obfuscated content. Packets may be replayed verbatim by an attacker, and client-server authentication is based on fixed shared secrets. This document specifies how the Datagram Transport Layer Security (DTLS) protocol may be used as a fix for these problems. It also describes how implementations of this proposal can coexist with current RADIUS systems.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.



