Search RFCs
RFC 9190
EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3,February 2022
- File formats:
- Also available:XML file for editing
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 5216
- Authors:
- J. Preuß Mattsson
M. Sethi - Stream:
- IETF
- Source:
- emu (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC9190
Discuss this RFC: Send questions or comments to the mailing listemu@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 9190
Abstract
The Extensible Authentication Protocol (EAP), defined in RFC 3748,provides a standard mechanism for support of multiple authenticationmethods. This document specifies the use of EAP-TLS with TLS 1.3while remaining backwards compatible with existing implementations ofEAP-TLS. TLS 1.3 provides significantly improved security andprivacy, and reduced latency when compared to earlier versions ofTLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security andprivacy by always providing forward secrecy, never disclosing thepeer identity, and by mandating use of revocation checking whencompared to EAP-TLS with earlier versions of TLS. This document alsoprovides guidance on authentication, authorization, and resumptionfor EAP-TLS in general (regardless of the underlying TLS versionused). This document updates RFC 5216.
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.