Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS, September 2014
Discuss this RFC: Send questions or comments to firstname.lastname@example.org
The RADIUS protocol defined in RFC 2865 has limited support for authentication and encryption of RADIUS packets. The protocol transports data in the clear, although some parts of the packets can have obfuscated content. Packets may be replayed verbatim by an attacker, and client-server authentication is based on fixed shared secrets. This document specifies how the Datagram Transport Layer Security (DTLS) protocol may be used as a fix for these problems. It also describes how implementations of this proposal can coexist with current RADIUS systems.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 4844.