C (michael.bauer@guidant.com)
Tue, 23 Feb 1999 09:59:43 -0600
Hi, all.

I've been asked to spec. out VPN solutions for various clients recently, and
the piece that I'm never fully satisfied with is authentication: I'm
starting to sour on hardware-based tokens (for a variety of reasons). My
question to you is this: is anybody aware of a PKI solution that isn't tied
to a particular application (i.e., web-site verification, email-public-key
validation, etc.)? In other words, is there such a thing as a CA that can be
used to authenticate certificate/private-key-bearing users via, say, RADIUS?

I've been looking at various CA products, and have yet to see one that is
that generalized. Is anybody working on this? A CA or other PK-based
authentication server that speaks RADIUS (and I suppose you'd need special
client software or at least a script to conduct a challenge-response with
the server) would be just the ticket.

Forgive me if this is an ignorant question, but it seems to me that there's
no technological reason that one couldn't use, for example, PGP keys as the
basis of a general-purpose (multi-client-platform) authentication scheme.
At any rate there's gotta be a better (or at least cheaper but equally
strong) way to authenticate users for dial-up or VPN than hard tokens.
(I've looked at S/Key and Kerberos, but these don't really seem to have
caught on in heterogeneous environments...)

Thanks,
Mick Bauer
EXi Corp.
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28