
The EAP-TLS Authentication Protocol (RFC5216)

IP.com Disclosure Number: IPCOM000168747D
Original Publication Date: 2008-Mar-01
Included in the Prior Art Database: 2008-Mar-22
Document File: 35 page(s) / 72K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Simon: AUTHOR [+3]

Abstract

The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Layer Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation, and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                           D. Simon
Request for Comments: 5216                                      B. Aboba
Obsoletes: 2716                                                 R. Hurst
Category: Standards Track                          Microsoft Corporation
                                                              March 2008

                   The EAP-TLS Authentication Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

   The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Layer Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation, and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.

   This document obsoletes RFC 2716. A summary of the changes between this document and RFC 2716 is available in Appendix A.

Simon, et al.               Standards Track                     [Page 1]
RFC 5216            EAP-TLS Authentication Protocol           March 2008

Table of Contents

   1. Introduction ....................................................2
      1.1. Requirements ...............................................3
      1.2. Terminology ................................................3
   2. Protocol Overview ...............................................4
      2.1. Overview of the EAP-TLS Conversation .......................4
           2.1.1. Base Case ...........................................4
           2.1.2. Session Resumption ..................................7
           2.1.3. Termination .........................................8
           2.1.4. Privacy ............................................11
           2.1.5. Fragmentation ......................................14
      2.2. Identity Verification .....................................16
      2.3. Key Hierarchy .............................................17
      2.4. Ciphersuite and Compression Negotiation ...................19
   3. Detailed Description of the EAP-TLS Protocol ...................20

...