RadSec on one slide wraps RADIUS payloads in new transport profile transport packet payload with TCP UDP made sense when one packet per auth was sufficient, bot not any more with EAP conversations peer's “alive” status does not rely on guessing any more authenticate peers and encrypt traffic with TLS obsoletes (weak) shared secrets and static IP bindings independence of shared secrets and IP bindings enables dynamic peer discovery |