Browse Prior Art Database

Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS (RFC7360) Disclosure Number: IPCOM000238602D
Original Publication Date: 2014-Sep-01
Included in the Prior Art Database: 2014-Sep-05
Document File: 54 page(s) / 60K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People



The RADIUS protocol as described in [RFC2865], [RFC2866], [RFC5176], and others has traditionally used methods based on MD5 [RFC1321] for per-packet authentication and integrity checks. However, the MD5 algorithm has known weaknesses such as [MD5Attack] and [MD5Break]. As a result, some specifications, such as [RFC5176], have recommended using IPsec to secure RADIUS traffic.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 5% of the total text.

Internet Engineering Task Force (IETF)                          A. DeKok Request for Comments: 7360                                    FreeRADIUS Category: Experimental                                    September 2014 ISSN: 2070-1721

                 Datagram Transport Layer Security (DTLS)                     as a Transport Layer for RADIUS


   The RADIUS protocol defined in RFC 2865 has limited support for    authentication and encryption of RADIUS packets.  The protocol    transports data in the clear, although some parts of the packets can    have obfuscated content.  Packets may be replayed verbatim by an    attacker, and client-server authentication is based on fixed shared    secrets.  This document specifies how the Datagram Transport Layer    Security (DTLS) protocol may be used as a fix for these problems.  It    also describes how implementations of this proposal can coexist with    current RADIUS systems.

Status of This Memo

   This document is not an Internet Standards Track specification; it is    published for examination, experimental implementation, and    evaluation.

   This document defines an Experimental Protocol for the Internet    community.  This document is a product of the Internet Engineering    Task Force (IETF).  It represents the consensus of the IETF    community.  It has received public review and has been approved for    publication by the Internet Engineering Steering Group (IESG).  Not    all documents approved by the IESG are a candidate for any level of    Internet Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at

DeKok                         Experimental                      [Page 1]
 RFC 7360          DTLS as a Transport Layer for RADIUS    September 2014

 Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Provisions Relating to IETF Documents    ( in effect on the date of    publication of this document.  Please review these documents    carefully, as they describe your rights and restrictions with respect    to this document.  Code Components extracted from this document must    include Simplified BSD License text as described in Section 4.e of    the Trust Legal Provisions and are provided without warranty as    described in the Simplified BSD License.

DeKok                         Experimental                      [Page 2]