
Wireless networks (Wifi), antennas (Antenna) (61): reading the RADIUS RFCs.

https://ja.wikipedia.org/wiki/RADIUS

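"This page has been flagged for possible copyright infringement, and an investigation of the facts has been requested."

I do not know much about the source it was reproduced from. To build an understanding from the IETF RFCs (Request for Comments) alone, I start by reading the RFCs.

Depending on the purpose of reading, I assume four approaches: read all of them; read all of them plus every RFC that each of them references; read only the currently valid documents; or read only the currently important documents.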


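Reading only the important documents

Read a well-known book on RADIUS, and read only the RFCs in its bibliography and the RFCs it cites.

With this approach, the work would no longer be what I set out to do this time, which is to understand RADIUS from the RFCs alone.


Reading only the currently valid documents

From the search results below, read everything except the documents marked Obsoleted.

I start here.

First, read only those with RADIUS in the title (1).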

RFC editor search

https://www.rfc-editor.org/search/rfc_search.php

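URLs are added to the documents I have read.

After making a little progress,

it may be reasonable to regard the five documents RFC2865, 2866, 2867, 2868 and 2869 as the core documents.

If the structure were to change, the earlier document would be obsoleted and a new document number assigned.

(Some protocols may keep moving to new documents while others may preserve old documents and update them, so a document is not necessarily core just because it has not been given a new number.)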


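Reading all the RADIUS RFCs

Below are the results of searching for Radius in RFC Editor Search.

With other protocols, I have the impression that there were documents in which the abbreviation never appears at all.

In the course of reading them all, check whether any related or amending documents are missing from this list.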


Also reading the RFCs referenced by the RADIUS RFCs

Without understanding the referenced RFCs, you may not grasp the essential points.

For example,

[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

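is a protocol that coexists with TCP and is important. An essential reference, on which it depends whether the characteristics of the upper protocol come into play according to whether it runs over TCP or over UDP, and an RFC referenced only for partial adjustments may differ in how necessary they are to read.

This time I have not weighted the referenced protocols. (I do not understand them well enough to assess their importance.)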


Reference material (reference)

RADIUS protocol overview

https://qiita.com/noppe78/items/2fb87f45200ad09195ec

Notes from migrating a single-instance RADIUS server to an HA environment

https://qiita.com/nagase/items/8316e02f16acf4567326

MFA-authenticated VPN with SoftEther + (Radius + Google-Authenticator)

https://qiita.com/m0559reen/items/87d86968f5cc36fbff1c

Where I got stuck when implementing MFA for AWS WorkSpaces using OneLogin's RADIUS

https://qiita.com/14kw/items/f2b7790a57b06e292810

EAP-TLS authentication using Cisco WLC and FreeRADIUS

https://qiita.com/haruca_tech/items/a9cf4a9168f325e65513

FreeRADIUS

https://qiita.com/eiuemura/items/3dcad222a9a295359b10

Procedure for building a RADIUS server on EC2

https://qiita.com/tokino/items/e9e17ec6f253e86bff4e


List

| Number | Title | Authors | Date | More Info | Status |
|---|---|---|---|---|---|
| 2058 | Remote Authentication Dial In User Service (RADIUS) | C. Rigney, A. Rubens, W. Simpson, S. Willens | January 1997 | Obsoleted by RFC 2138 | P.S. |
| 2059 | RADIUS Accounting | C. Rigney | January 1997 | Obsoleted by RFC 2139 | Inf. |
| 2107 | Ascend Tunnel Management Protocol - ATMP | K. Hamzeh | February 1997 | | Inf. |
| 2138 | Remote Authentication Dial In User Service (RADIUS) | C. Rigney, A. Rubens, W. Simpson, S. Willens | April 1997 | Obsoletes RFC 2058, Obsoleted by RFC 2865 | P.S. |
| 2139 | RADIUS Accounting | C. Rigney | April 1997 | Obsoletes RFC 2059, Obsoleted by RFC 2866 | Inf. |
| 2548 | Microsoft Vendor-specific RADIUS Attributes | G. Zorn | March 1999 | Errata | Inf. |
| 2607 | Proxy Chaining and Policy Implementation in Roaming | B. Aboba, J. Vollbrecht | June 1999 | | Inf. |
| 2618 | RADIUS Authentication Client MIB | B. Aboba, G. Zorn | June 1999 | Obsoleted by RFC 4668 | P.S. |
| 2619 | RADIUS Authentication Server MIB | G. Zorn, B. Aboba | June 1999 | Obsoleted by RFC 4669 | P.S. |
| 2620 | RADIUS Accounting Client MIB | B. Aboba, G. Zorn | June 1999 | Obsoleted by RFC 4670 | Inf. |
| 2621 | RADIUS Accounting Server MIB | G. Zorn, B. Aboba | June 1999 | Obsoleted by RFC 4671 | Inf. |
| 2809 | Implementation of L2TP Compulsory Tunneling via RADIUS | B. Aboba, G. Zorn | April 2000 | | Inf. |
| 2865 | Remote Authentication Dial In User Service (RADIUS) https://www.rfc-editor.org/rfc/rfc2865.txt | C. Rigney, S. Willens, A. Rubens, W. Simpson | June 2000 | Errata, Obsoletes RFC 2138, Updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044 | D.S. |
| 2866 | RADIUS Accounting https://www.rfc-editor.org/rfc/rfc2866.txt | C. Rigney | June 2000 | Errata, Obsoletes RFC 2139, Updated by RFC 2867, RFC 5080, RFC 5997 | Inf. |
| 2867 | RADIUS Accounting Modifications for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2867.txt | G. Zorn, B. Aboba, D. Mitton | June 2000 | Errata, Updates RFC 2866 | Inf. |
| 2868 | RADIUS Attributes for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2868.txt | G. Zorn, D. Leifer, A. Rubens, J. Shriver, M. Holdrege, I. Goyret | June 2000 | Errata, Updates RFC 2865, Updated by RFC 3575 | Inf. |
| 2869 | RADIUS Extensions https://www.rfc-editor.org/rfc/rfc2869.txt | C. Rigney, W. Willats, P. Calhoun | June 2000 | Updated by RFC 3579, RFC 5080 | Inf. |
| 2881 | Network Access Server Requirements Next Generation (NASREQNG) NAS Model | D. Mitton, M. Beadles | July 2000 | | Inf. |
| 2882 | Network Access Servers Requirements: Extended RADIUS Practices | D. Mitton | July 2000 | | Inf. |
| 3162 | RADIUS and IPv6 | B. Aboba, G. Zorn, D. Mitton | August 2001 | Errata, Updated by RFC 8044 | P.S. |
| 3575 | IANA Considerations for RADIUS (Remote Authentication Dial In User Service) | B. Aboba | July 2003 | Errata, Updates RFC 2865, RFC 2868, Updated by RFC 6929 | P.S. |
| 3576 | Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) | M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba | July 2003 | Obsoleted by RFC 5176 | Inf. |
| 3579 | RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP) https://www.ietf.org/rfc/rfc3579.txt | B. Aboba, P. Calhoun | September 2003 | Updates RFC 2869, Updated by RFC 5080 | Inf. |
| 3580 | IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines | P. Congdon, B. Aboba, A. Smith, G. Zorn, J. Roese | September 2003 | Errata, Updated by RFC 7268 | Inf. |
| 4005 | Diameter Network Access Server Application | P. Calhoun, G. Zorn, D. Spence, D. Mitton | August 2005 | Errata, Obsoleted by RFC 7155 | P.S. |
| 4014 | Remote Authentication Dial-In User Service (RADIUS) Attributes Suboption for the Dynamic Host Configuration Protocol (DHCP) Relay Agent Information Option | R. Droms, J. Schnizlein | February 2005 | | P.S. |
| 4372 | Chargeable User Identity | F. Adrangi, A. Lior, J. Korhonen, J. Loughney | January 2006 | | P.S. |
| 4590 | RADIUS Extension for Digest Authentication | B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck | July 2006 | Errata, Obsoleted by RFC 5090 | P.S. |
| 4603 | Additional Values for the NAS-Port-Type Attribute | G. Zorn, G. Weber, R. Foltak | July 2006 | | Inf. |
| 4668 | RADIUS Authentication Client MIB for IPv6 | D. Nelson | August 2006 | Errata, Obsoletes RFC 2618 | P.S. |
| 4669 | RADIUS Authentication Server MIB for IPv6 | D. Nelson | August 2006 | Errata, Obsoletes RFC 2619 | P.S. |
| 4670 | RADIUS Accounting Client MIB for IPv6 | D. Nelson | August 2006 | Errata, Obsoletes RFC 2620 | Inf. |
| 4671 | RADIUS Accounting Server MIB for IPv6 | D. Nelson | August 2006 | Errata, Obsoletes RFC 2621 | Inf. |
| 4672 | RADIUS Dynamic Authorization Client MIB | S. De Cnodder, N. Jonnala, M. Chiba | September 2006 | Errata | Inf. |
| 4673 | RADIUS Dynamic Authorization Server MIB | S. De Cnodder, N. Jonnala, M. Chiba | September 2006 | Errata | Inf. |
| 4675 | RADIUS Attributes for Virtual LAN and Priority Support | P. Congdon, M. Sanchez, B. Aboba | September 2006 | Errata | P.S. |
| 4679 | DSL Forum Vendor-Specific RADIUS Attributes | V. Mammoliti, G. Zorn, P. Arberg, R. Rennison | September 2006 | Errata | Inf. |
| 4818 | RADIUS Delegated-IPv6-Prefix Attribute | J. Salowey, R. Droms | April 2007 | | P.S. |
| 4849 | RADIUS Filter Rule Attribute | P. Congdon, M. Sanchez, B. Aboba | April 2007 | | P.S. |
| 5030 | Mobile IPv4 RADIUS Requirements | M. Nakhjiri, Ed., K. Chowdhury, A. Lior, K. Leung | October 2007 | | Inf. |
| 5080 | Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes | D. Nelson, A. DeKok | December 2007 | Errata, Updates RFC 2865, RFC 2866, RFC 2869, RFC 3579 | P.S. |
| 5090 | RADIUS Extension for Digest Authentication | B. Sterman, D. Sadolevsky, D. Schwartz, D. Williams, W. Beck | February 2008 | Errata, Obsoletes RFC 4590 | P.S. |
| 5176 | Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) | M. Chiba, G. Dommety, M. Eklund, D. Mitton, B. Aboba | January 2008 | Errata, Obsoletes RFC 3576 | Inf. |
| 5580 | Carrying Location Objects in RADIUS and Diameter | H. Tschofenig, Ed., F. Adrangi, M. Jones, A. Lior, B. Aboba | August 2009 | Errata | P.S. |
| 5607 | Remote Authentication Dial-In User Service (RADIUS) Authorization for Network Access Server (NAS) Management | D. Nelson, G. Weber | July 2009 | | P.S. |
| 5608 | Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models | K. Narayan, D. Nelson | August 2009 | Errata | P.S. |
| 5904 | RADIUS Attributes for IEEE 802.16 Privacy Key Management Version 1 (PKMv1) Protocol Support | G. Zorn | June 2010 | | Inf. |
| 5997 | Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol | A. DeKok | August 2010 | Errata, Updates RFC 2866 | Inf. |
| 6065 | Using Authentication, Authorization, and Accounting Services to Dynamically Provision View-Based Access Control Model User-to-Group Mappings | K. Narayan, D. Nelson, R. Presuhn, Ed. | December 2010 | | P.S. |
| 6158 a.k.a. BCP 158 | RADIUS Design Guidelines | A. DeKok, Ed., G. Weber | March 2011 | Updated by RFC 6929, RFC 8044 | B.C.P. |
| 6218 | Cisco Vendor-Specific RADIUS Attributes for the Delivery of Keying Material | G. Zorn, T. Zhang, J. Walker, J. Salowey | April 2011 | Errata | Inf. |
| 6421 | Crypto-Agility Requirements for Remote Authentication Dial-In User Service (RADIUS) | D. Nelson, Ed. | November 2011 | | Inf. |
| 6519 | RADIUS Extensions for Dual-Stack Lite | R. Maglione, A. Durand | February 2012 | Errata | P.S. |
| 6572 | RADIUS Support for Proxy Mobile IPv6 | F. Xia, B. Sarikaya, J. Korhonen, Ed., S. Gundavelli, D. Damic | June 2012 | Updated by RFC 8044 | P.S. |
| 6613 | RADIUS over TCP | A. DeKok | May 2012 | Updated by RFC 7930 | Exp. |
| 6614 | Transport Layer Security (TLS) Encryption for RADIUS | S. Winter, M. McCauley, S. Venaas, K. Wierenga | May 2012 | | Exp. |
| 6911 | RADIUS Attributes for IPv6 Access Networks | W. Dec, Ed., B. Sarikaya, G. Zorn, Ed., D. Miles, B. Lourdelet | April 2013 | | P.S. |
| 6929 | Remote Authentication Dial In User Service (RADIUS) Protocol Extensions | A. DeKok, A. Lior | April 2013 | Updates RFC 2865, RFC 3575, RFC 6158 | P.S. |
| 6930 | RADIUS Attribute for IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) | D. Guo, S. Jiang, Ed., R. Despres, R. Maglione | April 2013 | Errata | P.S. |
| 7037 | RADIUS Option for the DHCPv6 Relay Agent | L. Yeh, M. Boucadair | October 2013 | | P.S. |
| 7268 | RADIUS Attributes for IEEE 802 Networks | B. Aboba, J. Malinen, P. Congdon, J. Salowey, M. Jones | July 2014 | Updates RFC 3580, RFC 4072, Updated by RFC 8044 | P.S. |
| 7360 | Datagram Transport Layer Security (DTLS) as a Transport Layer for RADIUS | A. DeKok | September 2014 | | Exp. |
| 7499 | Support of Fragmentation of RADIUS Packets | A. Perez-Mendez, Ed., R. Marin-Lopez, F. Pereniguez-Garcia, G. Lopez-Millan, D. Lopez, A. DeKok | April 2015 | | Exp. |
| 7585 | Dynamic Peer Discovery for RADIUS/TLS and RADIUS/DTLS Based on the Network Access Identifier (NAI) | S. Winter, M. McCauley | October 2015 | Errata | Exp. |
| 7593 | The eduroam Architecture for Network Roaming | K. Wierenga, S. Winter, T. Wolniewicz | September 2015 | Errata | Inf. |
| 7831 | Application Bridging for Federated Access Beyond Web (ABFAB) Architecture | J. Howlett, S. Hartman, H. Tschofenig, J. Schaad | May 2016 | | Inf. |
| 7832 | Application Bridging for Federated Access Beyond Web (ABFAB) Use Cases | R. Smith, Ed. | May 2016 | | Inf. |
| 7833 | A RADIUS Attribute, Binding, Profiles, Name Identifier Format, and Confirmation Methods for the Security Assertion Markup Language (SAML) | J. Howlett, S. Hartman, A. Perez-Mendez, Ed. | May 2016 | | P.S. |
| 7930 | Larger Packets for RADIUS over TCP | S. Hartman | August 2016 | Updates RFC 6613 | Exp. |
| 8044 | Data Types in RADIUS | A. DeKok | January 2017 | Updates RFC 2865, RFC 3162, RFC 4072, RFC 6158, RFC 6572, RFC 7268 | P.S. |
| 8045 | RADIUS Extensions for IP Port Configuration and Reporting | D. Cheng, J. Korhonen, M. Boucadair, S. Sivakumar | January 2017 | Errata | P.S. |

Best Current Practice: B.C.P.

Draft Standard: D.S.

Experimental: Exp.

Informational: Inf.

Proposed Standard: P.S.


RFC 2865

Remote Authentication Dial In User Service (RADIUS) https://www.rfc-editor.org/rfc/rfc2865.txt C. Rigney, S. Willens, A. Rubens, W. Simpson June 2000 Errata, Obsoletes RFC 2138, Updated by RFC 2868, RFC 3575, RFC 5080, RFC 6929, RFC 8044 Draft Standard


References

[1] Rigney, C., Rubens, A., Simpson, W. and S. Willens, "Remote Authentication Dial In User Service (RADIUS)", RFC 2138, April 1997.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.

[3] Rivest, R. and S. Dusse, "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

[5] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

[6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.

[7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.

[8] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999.

[9] Kaufman, C., Perlman, R., and Speciner, M., "Network Security: Private Communications in a Public World", Prentice Hall, March 1995, ISBN 0-13-061466-1.

[10] Jacobson, V., "Compressing TCP/IP headers for low-speed serial links", RFC 1144, February 1990.

[11] ISO 8859. International Standard -- Information Processing -- 8-bit Single-Byte Coded Graphic Character Sets -- Part 1: Latin Alphabet No. 1, ISO 8859-1:1987.

[12] Sklower, K., Lloyd, B., McGregor, G., Carr, D. and T. Coradetti, "The PPP Multilink Protocol (MP)", RFC 1990, August 1996.

[13] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

[14] Galvin, J., McCloghrie, K. and J. Davin, "SNMP Security Protocols", RFC 1352, July 1992.

[15] Dobbertin, H., "The Status of MD5 After a Recent Attack", CryptoBytes Vol.2 No.2, Summer 1996.


RFC 2866

RFC 2866 RADIUS Accounting https://www.rfc-editor.org/rfc/rfc2866.txt C. Rigney June 2000 Errata, Obsoletes RFC 2139, Updated by RFC 2867, RFC 5080, RFC 5997 Informational


References

[1] Rigney, C., "RADIUS Accounting", RFC 2139, April 1997.

[2] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.

[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.

[4] Postel, J., "User Datagram Protocol", STD 6, RFC 768, August 1980.

[5] Rivest, R. and S. Dusse, "The MD5 Message-Digest Algorithm", RFC1321, April 1992.

[6] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.

[7] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC2279, January 1998.

[8] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.


RFC 2867

RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2867.txt G. Zorn, B. Aboba, D. Mitton June 2000 Errata, Updates RFC 2866 Inf.


References

[1] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[3] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.

[4] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G. and B. Palter, "Layer Two Tunneling Protocol "L2TP"", RFC 2661, August 1999.

[5] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July 1999.


RFC 2868

RFC2868 RADIUS Attributes for Tunnel Protocol Support https://www.rfc-editor.org/rfc/rfc2868.txt G. Zorn, D. Leifer, A. Rubens, J. Shriver, M. Holdrege, I. Goyret June 2000 Errata, Updates RFC 2865, Updated by RFC 3575 Inf.


References

[1] Hamzeh, K., Pall, G., Verthein, W., Taarud, J., Little, W. and G. Zorn, "Point-to-Point Tunneling Protocol (PPTP)", RFC 2637, July 1999.

[2] Valencia, A., Littlewood, M. and T. Kolar, T., "Cisco Layer Two Forwarding (Protocol) 'L2F'", RFC 2341, May 1998.

[3] Townsley, W., Valencia, A., Rubens, A., Pall, G., Zorn, G. and B. Palter, "Layer Two Tunnelling Protocol (L2TP)", RFC 2661, August 1999.

[4] Hamzeh, K., "Ascend Tunnel Management Protocol - ATMP", RFC 2107, February 1997.

[5] Kent, S. and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.

[6] Perkins, C., "IP Encapsulation within IP", RFC 2003, October 1996.

[7] Perkins, C., "Minimal Encapsulation within IP", RFC 2004, October 1996.

[8] Atkinson, R., "IP Encapsulating Security Payload (ESP)", RFC 1827, August 1995.

[9] Hanks, S., Li, T., Farinacci, D. and P. Traina, "Generic Routing Encapsulation (GRE)", RFC 1701, October 1994.

[10] Simpson, W., "IP in IP Tunneling", RFC 1853, October 1995.

[11] Zorn, G. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.

[12] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial in User Service (RADIUS)", RFC 2865, June 2000.

[13] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[14] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.

[15] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.

[16] Narten, T. and H. Alvestrand, "Guidelines for writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

[17] Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 2373, July 1998.


RFC2869

RFC2869 RADIUS Extensions https://www.rfc-editor.org/rfc/rfc2869.txt C. Rigney, W. Willats, P. Calhoun June 2000 Updated by RFC 3579, RFC 5080 Inf.


References

[1] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.

[2] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

[3] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, March 1998.

[4] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March, 1997.

[5] Reynolds, J. and J. Postel, "Assigned Numbers", STD 2, RFC 1700, October 1994.

[6] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.

[7] Zorn, G., Aboba, B. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.

[8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.

[9] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[10] Alvestrand, H. and T. Narten, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 2434, October 1998.

[11] Slatalla, M., and Quittner, J., "Masters of Deception." HarperCollins, New York, 1995.


RFC3579

RFC3579 RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP) https://www.ietf.org/rfc/rfc3579.txt B. Aboba, P. Calhoun September 2003, Updates RFC 2869, Updated by RFC 5080, Inf.


References

6.1. Normative References

[RFC1321] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, April 1992.

[RFC2104] Krawczyk, H., Bellare, M. and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO 10646", RFC 2279, January 1998.

[RFC2284] Blunk, L. and J. Vollbrecht, "PPP Extensible Authentication Protocol (EAP)", RFC 2284, March 1998.

[RFC2401] Atkinson, R. and S. Kent, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.

[RFC2406] Kent, S. and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998.

[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange (IKE)", RFC 2409, November 1998.

[RFC2486] Aboba, B. and M. Beadles, "The Network Access Identifier", RFC 2486, January 1999.

[RFC2865] Rigney, C., Willens, S., Rubens, A. and W. Simpson, "Remote Authentication Dial In User Service (RADIUS)", RFC 2865, June 2000.

[RFC2988] Paxson, V. and M. Allman, "Computing TCP's Retransmission Timer", RFC 2988, November 2000.

[RFC3162] Aboba, B., Zorn, G. and D. Mitton, "RADIUS and IP6", RFC 3162, August 2001.

[RFC3280] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[RFC3576] Chiba, M., Dommety, G., Eklund, M., Mitton, D. and B. Aboba, "Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)", RFC 3576, July 2003.

6.2. Informative References

[RFC826] Plummer, D., "An Ethernet Address Resolution Protocol", STD 37, RFC 826, November 1982.

[RFC1510] Kohl, J. and C. Neuman, "The Kerberos Network Authentication Service (V5)", RFC 1510, September 1993.

[RFC1661] Simpson, W., "The Point-to-Point Protocol (PPP)", STD 51, RFC 1661, July 1994.

[RFC2548] Zorn, G., "Microsoft Vendor-specific RADIUS Attributes", RFC 2548, March 1999.

[RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy Implementation in Roaming", RFC 2607, June 1999.

[RFC2716] Aboba, B. and D. Simon,"PPP EAP TLS Authentication Protocol", RFC 2716, October 1999.

[RFC2866] Rigney, C., "RADIUS Accounting", RFC 2866, June 2000.

[RFC2867] Zorn, G., Aboba, B. and D. Mitton, "RADIUS Accounting Modifications for Tunnel Protocol Support", RFC 2867, June 2000.

[RFC2868] Zorn, G., Leifer, D., Rubens, A., Shriver, J., Holdrege, M. and I. Goyret, "RADIUS Attributes for Tunnel Protocol Support", RFC 2868, June 2000.

[RFC2869] Rigney, C., Willats, W. and P. Calhoun, "RADIUS Extensions", RFC 2869, June 2000.

[RFC2983] Black, D. "Differentiated Services and Tunnels", RFC 2983, October 2000.

[RFC3580] Congdon, P., Aboba, B., Smith, A., Zorn, G. and J. Roese, "IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines", RFC 3580, September 2003.

[IEEE802] IEEE Standards for Local and Metropolitan Area Networks: Overview and Architecture, ANSI/IEEE Std 802, 1990.

[IEEE8021X] IEEE Standards for Local and Metropolitan Area Networks: Port based Network Access Control, IEEE Std 802.1X-2001, June 2001.

[MD5Attack] Dobbertin, H., "The Status of MD5 After a Recent Attack", CryptoBytes Vol.2 No.2, Summer 1996.

[Masters] Slatalla, M. and J. Quittner, "Masters of Deception." HarperCollins, New York, 1995.

[NASREQ] Calhoun, P., et al., "Diameter Network Access Server Application", Work in Progress.


Terms


RFC3579


authenticator

The end of the link requiring the authentication. Also known as the Network Access Server (NAS) or RADIUS client. Within IEEE 802.1X terminology, the term Authenticator is used.


peer

The other end of the point-to-point link (PPP), point-to-point LAN segment (IEEE 802.1X) or wireless link, which is being authenticated by the authenticator. In IEEE 802.1X, this end is known as the Supplicant.


authentication server

An authentication server is an entity that provides an authentication service to an authenticator (NAS). This service verifies from the credentials provided by the peer, the claim of identity made by the peer; it also may provide credentials allowing the peer to verify the identity of the authentication server. Within this document it is assumed that the NAS operates as a pass-through, forwarding EAP packets between the RADIUS server and the EAP peer. Therefore the RADIUS server operates as an authentication server.


displayable message

This is interpreted to be a human readable string of characters, and MUST NOT affect operation of the protocol. The message encoding MUST follow the UTF-8 transformation format [RFC2279].


Network Access Server (NAS)

The device providing access to the network. Also known as the Authenticator (IEEE 802.1X or EAP terminology) or RADIUS client.


RFC2865, RFC2866, RFC2869


service

The NAS provides a service to the dial-in user, such as PPP or Telnet.


RFC3579


service

The NAS provides a service to the user, such as IEEE 802 or PPP.


RFC2865


session

Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. A user may have multiple sessions in parallel or series if the NAS supports that.


RFC2866


session

Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. A user may have multiple sessions in parallel or series if the NAS supports that, with each session generating a separate start and stop accounting record with its own Acct-Session-Id.


RFC2869


session

Each service provided by the NAS to a dial-in user constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. A user may have multiple sessions in parallel or series if the NAS supports that, with each session generating a separate start and stop accounting record.


RFC3579


session

Each service provided by the NAS to a peer constitutes a session, with the beginning of the session defined as the point where service is first provided and the end of the session defined as the point where service is ended. A peer may have multiple sessions in parallel or series if the NAS supports that, with each session generating a separate start and stop accounting record.


RFC2865, RFC2866, RFC2869, RFC3579


silently discard

This means the implementation discards the packet without further processing. The implementation SHOULD provide the capability of logging the error, including the contents of the silently discarded packet, and SHOULD record the event in a statistics counter.


Reference relationships among the RFC documents

| RFC | obsoletes | updates | updated by | reference | title |
|---|---|---|---|---|---|
| 2865 | 2138 | | | | |
| | | | | 2138 | Remote Authentication Dial In User Service (RADIUS) |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 1321 | The MD5 Message-Digest Algorithm |
| | | | | 768 | User Datagram Protocol |
| | | | | 2866 | RADIUS Accounting |
| | | | | 1700 | Assigned Numbers |
| | | | | 2279 | UTF-8, a transformation format of ISO 10646 |
| | | | | 2486 | The Network Access Identifier |
| | | | | 1144 | Compressing TCP/IP headers for low-speed serial links |
| | | | | 1990 | The PPP Multilink Protocol (MP) |
| | | | | 2434 | Guidelines for Writing an IANA Considerations Section in RFCs |
| | | | | 1352 | SNMP Security Protocols |
| | | | 2868 | | RADIUS Attributes for Tunnel Protocol Support |
| | | | 3575 | | IANA Considerations for RADIUS (Remote Authentication Dial In User Service) |
| | | | 5080 | | Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes |
| | | | 6929 | | Remote Authentication Dial In User Service (RADIUS) Protocol Extensions |
| | | | 8044 | | Data Types in RADIUS |
| 2866 | 2139 | | | | |
| | | | | 2139 | RADIUS Accounting |
| | | | | 2865 | Remote Authentication Dial In User Service (RADIUS) |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 768 | User Datagram Protocol |
| | | | | 1321 | The MD5 Message-Digest Algorithm |
| | | | | 1700 | Assigned Numbers |
| | | | | 2279 | UTF-8, a transformation format of ISO 10646 |
| | | | | 2434 | Guidelines for Writing an IANA Considerations Section in RFCs |
| | | | 2867 | | RADIUS Accounting Modifications for Tunnel Protocol Support |
| | | | 5080 | | Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes |
| | | | 5997 | | Use of Status-Server Packets in the Remote Authentication Dial In User Service (RADIUS) Protocol |
| 2867 | | 2866 | | | |
| | | | | 2866 | RADIUS Accounting |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 2868 | RADIUS Attributes for Tunnel Protocol Support |
| | | | | 2661 | Layer Two Tunneling Protocol "L2TP" |
| | | | | 2637 | Point-to-Point Tunneling Protocol (PPTP) |
| 2868 | | 2865 | | | Remote Authentication Dial In User Service (RADIUS) |
| | | | 3575 | | IANA Considerations for RADIUS (Remote Authentication Dial In User Service) |
| | | | | 2637 | Point-to-Point Tunneling Protocol (PPTP) |
| | | | | 2341 | Cisco Layer Two Forwarding (Protocol) 'L2F' |
| | | | | 2661 | Layer Two Tunneling Protocol "L2TP" |
| | | | | 2107 | Ascend Tunnel Management Protocol - ATMP |
| | | | | 2401 | Security Architecture for the Internet Protocol |
| | | | | 2003 | IP Encapsulation within IP |
| | | | | 2004 | Minimal Encapsulation within IP |
| | | | | 1827 | IP Encapsulating Security Payload (ESP) |
| | | | | 1701 | Generic Routing Encapsulation (GRE) |
| | | | | 1853 | IP in IP Tunneling |
| | | | | 2867 | RADIUS Accounting Modifications for Tunnel Protocol Support |
| | | | | 2865 | Remote Authentication Dial in User Service (RADIUS) |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 1700 | Assigned Numbers |
| | | | | 2869 | RADIUS Extensions |
| | | | | 2434 | Guidelines for Writing an IANA Considerations Section in RFCs |
| | | | | 2373 | IP Version 6 Addressing Architecture |
| 2869 | | | 3579 | | |
| | | | 5080 | | Common Remote Authentication Dial In User Service (RADIUS) Implementation Issues and Suggested Fixes |
| | | | | 2865 | Remote Authentication Dial in User Service (RADIUS) |
| | | | | 2866 | RADIUS Accounting |
| | | | | 2284 | PPP Extensible Authentication Protocol (EAP) |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 1700 | Assigned Numbers |
| | | | | 2868 | RADIUS Attributes for Tunnel Protocol Support |
| | | | | 2867 | RADIUS Accounting Modifications for Tunnel Protocol Support |
| | | | | 2279 | UTF-8, a transformation format of ISO 10646 |
| | | | | 2104 | HMAC: Keyed-Hashing for Message Authentication |
| | | | | 2434 | Guidelines for Writing an IANA Considerations Section in RFCs |
| 3579 | | 2869 | | | RADIUS Extensions |
| | | | | 1321 | The MD5 Message-Digest Algorithm |
| | | | | 2104 | HMAC: Keyed-Hashing for Message Authentication |
| | | | | 2119 | Key words for use in RFCs to Indicate Requirement Levels |
| | | | | 2279 | UTF-8, a transformation format of ISO 10646 |
| | | | | 2284 | PPP Extensible Authentication Protocol (EAP) |
| | | | | 2401 | Security Architecture for the Internet Protocol |
| | | | | 2406 | IP Encapsulating Security Payload (ESP) |
| | | | | 2409 | The Internet Key Exchange (IKE) |
| | | | | 2486 | The Network Access Identifier |
| | | | | 2865 | Remote Authentication Dial In User Service (RADIUS) |
| | | | | 2988 | Computing TCP's Retransmission Timer |
| | | | | 3162 | RADIUS and IP6 |
| | | | | 3280 | Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile |
| | | | | 3576 | Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) |
| | | | | 826 | An Ethernet Address Resolution Protocol |
| | | | | 1510 | The Kerberos Network Authentication Service (V5) |
| | | | | 1661 | The Point-to-Point Protocol (PPP) |
| | | | | 2548 | Microsoft Vendor-specific RADIUS Attributes |
| | | | | 2607 | Proxy Chaining and Policy Implementation in Roaming |
| | | | | 2716 | PPP EAP TLS Authentication Protocol |
| | | | | 2866 | RADIUS Accounting |
| | | | | 2867 | RADIUS Accounting Modifications for Tunnel Protocol Support |
| | | | | 2868 | RADIUS Attributes for Tunnel Protocol Support |
| | | | | 2869 | RADIUS Extensions |
| | | | | 2983 | Differentiated Services and Tunnels |
| | | | | 3580 | IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines |


Document history

ver. 0.01 First draft: organized the references and reference relationships of the 5 documents (RFC2865, 2866, 2867, 2868, 2869), 20190211 morning

ver. 0.02 Added RFC3579 and terms, 20190211 evening

ver. 0.03 Added title, 20190318