EAP Transport Layer Security

EAP-TLS is a standard developed by Microsoft and accepted by the Internet Engineering Task Force (IETF) as RFC 2716. It is based on the Transport Layer Security (TLS) protocol, which is itself specified in a separate standard (RFC 2246).

Like the Cisco LEAP method, EAP-TLS mutually authenticates the client and the server, but in this case passwords are not used at all. Instead, public-key cryptography based on the Rivest, Shamir, and Adleman (RSA) handshake is used. EAP-TLS uses digital certificates or smart cards to validate both the user's and the server's identities.

Figure 17-6 shows the process of authentication via EAP-TLS.
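As an added illustration (not part of the original text, and not code from Microsoft, Cisco or any EAP implementation), the following Python builds and parses the EAP-TLS packet framing defined in RFC 2716, including the fragmentation a TLS certificate exchange needs when a record exceeds the EAP MTU; the 768-byte TLS record and the 300-byte fragment size are constructed sample values. The parser checks the header length and the TLS Message Length against the bytes actually received, which is the consistency check a capture tool or RADIUS front end should apply before handing data to a TLS stack.

```python
import struct

# EAP header constants (RFC 2716 / RFC 3748)
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20  # Length-included, More fragments, Start

def build_eap_tls(code, identifier, flags, tls_data=b"", total_len=None):
    """Build one EAP-TLS packet. When FLAG_L is set, the 4-byte TLS Message
    Length field carries total_len, the size of the whole reassembled record."""
    body = bytes([EAP_TYPE_TLS, flags])
    if flags & FLAG_L:
        body += struct.pack("!I", len(tls_data) if total_len is None else total_len)
    body += tls_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def parse_eap_tls(pkt):
    """Decode one EAP-TLS packet, rejecting length/type inconsistencies."""
    if len(pkt) < 6:
        raise ValueError("packet too short for an EAP-TLS header")
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or pkt[4] != EAP_TYPE_TLS:
        raise ValueError("EAP length or type does not match packet")
    flags, off, total_len = pkt[5], 6, None
    if flags & FLAG_L:
        if len(pkt) < 10:
            raise ValueError("L flag set but TLS Message Length missing")
        (total_len,) = struct.unpack("!I", pkt[6:10])
        off = 10
    return {"code": code, "id": identifier, "start": bool(flags & FLAG_S),
            "more": bool(flags & FLAG_M), "total_len": total_len, "data": pkt[off:]}

def fragment(code, first_id, tls_record, max_data):
    """Split a TLS record into EAP-TLS fragments: the first carries the L flag
    and total length, every fragment except the last carries M. In a real
    exchange each fragment is acknowledged by an empty EAP-TLS packet."""
    pkts, off, ident = [], 0, first_id
    while off < len(tls_record) or not pkts:
        chunk = tls_record[off:off + max_data]
        off += len(chunk)
        flags = (FLAG_L if not pkts else 0) | (FLAG_M if off < len(tls_record) else 0)
        pkts.append(build_eap_tls(code, ident, flags, chunk, len(tls_record)))
        ident = (ident + 1) & 0xFF
    return pkts

def reassemble(pkts):
    """Join fragments and verify the announced TLS Message Length."""
    parsed = [parse_eap_tls(p) for p in pkts]
    if parsed[-1]["more"]:
        raise ValueError("last fragment still has the M flag set")
    data = b"".join(p["data"] for p in parsed)
    if parsed[0]["total_len"] is not None and parsed[0]["total_len"] != len(data):
        raise ValueError("TLS Message Length does not match reassembled data")
    return data
```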

