Hi,

> rather than a problem, this is a question.
> I assume you know what eduroam is, but just in case:
> What is eduroam

several members of this list are involved in eduroam at sites worldwide.

> What happens is that the EAP conversation travels in cleartext across
> the public internet (really the inter-university networks).

cleartext? not really. the proxied traffic will be at least encapsulated via a shared secret between each RADIUS end point. and the inner method itself is sat in the EAP tunnel. unless using a very old method like EAP-MD5.

ideally you wouldn't use a PAP method either - MSCHAPv2 challenge response in PEAP or EAP-TTLS would give greater security. however, EAP-TLS is the de facto top-level way of doing it. platinum service, as it were - but you've got to have a full PKI infrastructure for creation, deployment and revocation.

looking to the future, RADSEC will be involved in 'beefing up' the RADIUS to RADIUS communication channel. as well as the automatic assignment/discovery of AAA end point systems.

alan
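An added example, not part of the original message: how a RADIUS hop can use the shared secret to authenticate a proxied Access-Request that carries EAP, through the Message-Authenticator attribute (HMAC-MD5, RFC 3579). The secret, identity and packet are constructed sample values, and the function names are this example's own.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
EAP_MESSAGE = 79              # RFC 3579 attribute carrying the EAP packet
MESSAGE_AUTHENTICATOR = 80    # RFC 3579 HMAC-MD5 over the whole packet

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(secret, ident, eap_packet):
    """Build an Access-Request with one EAP-Message, signed with the shared secret."""
    attrs = attr(EAP_MESSAGE, eap_packet) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    packet = bytearray(header + os.urandom(16) + attrs)
    # The HMAC is computed with the Message-Authenticator value set to zeros.
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)

def verify_access_request(secret, packet):
    """Return True only if a valid Message-Authenticator is present."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    zeroed, received, pos = bytearray(packet[:length]), None, 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            return False                      # malformed attribute
        if attr_type == MESSAGE_AUTHENTICATOR and attr_len == 18:
            received = packet[pos + 2:pos + 18]
            zeroed[pos + 2:pos + 18] = bytes(16)
        pos += attr_len
    if received is None or pos != length:
        return False                          # missing MAC or trailing bytes
    expected = hmac.new(secret, bytes(zeroed), hashlib.md5).digest()
    return hmac.compare_digest(received, expected)

# Constructed sample values: shared secret and an EAP-Response/Identity.
SECRET = b"constructed-proxy-secret"
IDENTITY = b"anonymous@example.edu"
EAP = struct.pack("!BBHB", 2, 1, 5 + len(IDENTITY), 1) + IDENTITY
REQUEST = build_access_request(SECRET, 7, EAP)
```

This check gives each hop integrity and origin authentication for the packet; the EAP-Message bytes are carried as they were sent, so confidentiality of the credentials rests on the tunnelled EAP method.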

