Josh Howlett <[EMAIL PROTECTED]> wrote: > I would certainly find this capability useful. I don't see the harm in > _open_ extensions provided that they're documented and are inactive by > default.
There's also the problem of traffic analysis. e.g. Packets to port 1812 are authentication requests. Packets to port 1813 are accounting requests. Small packets from port 1812 are authentication rejects. Larger packets from port 1812 are authentication accepts. You can get a LOT of information about what's going on in the network just by looking at ports and packet sizes. So my question is: What purpose would be served by encrypting packets? What information do you want to hide from prying eyes? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
