We're off topic, I think; the subject was whether or not stronger certification and password security measures should be integrated into Radiator in order to protect certificates and NAS passwords. From my implementation of Radiator I could tell that both these issues were not addressed and in fact became new attack vectors that previously did not exist in our NPS solution.
I personally am not a big fan of NPS due to its lack of scalability, authentication support and customizability, but at least credentials were somewhat secure.

________________________________________
From: a.l.m.bu...@lboro.ac.uk [a.l.m.bu...@lboro.ac.uk]
Sent: Friday, October 02, 2015 1:45 PM
To: Nadav Hod
Cc: Sami Keski-Kasari; radiator@open.com.au
Subject: Re: [RADIATOR] Password/certificate security seems next to none on Radiator server

Hi,

> In this case the private key wasn't necessary to authenticate the phones.
> ACS, Cisco's AAA server, also doesn't require the CAPF private key but rather
> the CAPF public key to authenticate phones.

what you need depends on your implementation. if using another CA - eg a public one, then you just need the CA to be trusted/known.

alan