
Fwd: Re: Questions on TCP port usage for RADIUS/TLS



 Hi,

forwarding one response from an implementor:

Stefan

---------------------------------

>** As an implementor, do you think changing the spec towards three
>separate ports is reasonable, and do you think you would adapt your
>implementation? **

I'm relatively indifferent to this point.  Since we already monitor
different ports for RADIUS over UDP, listening on one port more or
less via TCP does not make a big difference for us.

>** If you had to choose between the aforementioned decision points a) or
>b) , which one would you prefer as an implementor? **

I'd rather prefer separate ports for TCP and TLS traffic.  What is
described as 'application-level multiplexing' would require us to
either implement some sort of non-destructive read from the port
or a sort of 'filter/dispatcher' between the TCP connection and
the TLS stack (which communicates over a given file structure in our
OS) - both of which would require significant effort.

---------------------------------

--
to unsubscribe send a message to radiusext-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://psg.com/lists/radiusext/>
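
The 'non-destructive read' mentioned in the reply above, sketched as an added example (not part of the forwarded message and not any implementation's code): the listener peeks at the first four bytes of a new connection with `MSG_PEEK` and decides whether they look like a TLS record header or a RADIUS packet header, leaving the bytes queued for whichever stack handles the connection. All function and enum names are hypothetical, the sample bytes are constructed, and a local socketpair stands in for an accepted TCP connection.

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

enum proto { PROTO_UNKNOWN, PROTO_SHORT, PROTO_TLS, PROTO_RADIUS };

/* Decide from the first four bytes of the stream (heuristic). */
enum proto classify_prefix(const uint8_t *b, size_t n)
{
    if (n < 4)
        return PROTO_SHORT;               /* wait for more bytes */
    if (b[0] == 0x16 && b[1] == 0x03)     /* TLS handshake record, version 3.x */
        return PROTO_TLS;
    unsigned len = ((unsigned)b[2] << 8) | b[3];
    if (b[0] != 0 && len >= 20 && len <= 4096)  /* RADIUS code + valid length */
        return PROTO_RADIUS;
    return PROTO_UNKNOWN;
}

/* MSG_PEEK leaves the bytes queued for whichever stack reads next. */
enum proto peek_and_classify(int fd)
{
    uint8_t hdr[4];
    ssize_t n = recv(fd, hdr, sizeof hdr, MSG_PEEK);
    return n < 0 ? PROTO_UNKNOWN : classify_prefix(hdr, (size_t)n);
}

/* Send msg over a socketpair, peek, then check a normal read still gets it all. */
int demo(const uint8_t *msg, size_t len)
{
    int sv[2], result = -1;
    uint8_t buf[64];
    if (len > sizeof buf || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (write(sv[0], msg, len) == (ssize_t)len) {
        enum proto p = peek_and_classify(sv[1]);
        if (read(sv[1], buf, sizeof buf) == (ssize_t)len && !memcmp(buf, msg, len))
            result = (int)p;
    }
    close(sv[0]); close(sv[1]);
    return result;
}

int main(void)
{
    const uint8_t hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2e, 0x01 }; /* constructed */
    return demo(hello, sizeof hello) == PROTO_TLS ? 0 : 1;
}
```

The classification is only a heuristic: a RADIUS header whose first two bytes happen to be 0x16 0x03 would be taken for TLS, which is the kind of ambiguity that separate ports avoid.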