{"draft":"draft-ietf-emu-eap-tls13-21","doc_id":"RFC9190","title":"EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3","authors":["J. Preu\u00df Mattsson","M. Sethi"],"format":["HTML","TEXT","PDF","XML"],"page_count":"31","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"EAP Method Update","abstract":"The Extensible Authentication Protocol (EAP), defined in RFC 3748,\r\nprovides a standard mechanism for support of multiple authentication\r\nmethods. This document specifies the use of EAP-TLS with TLS 1.3\r\nwhile remaining backwards compatible with existing implementations of\r\nEAP-TLS. TLS 1.3 provides significantly improved security and\r\nprivacy, and reduced latency when compared to earlier versions of\r\nTLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and\r\nprivacy by always providing forward secrecy, never disclosing the\r\npeer identity, and by mandating use of revocation checking when\r\ncompared to EAP-TLS with earlier versions of TLS. This document also\r\nprovides guidance on authentication, authorization, and resumption\r\nfor EAP-TLS in general (regardless of the underlying TLS version\r\nused). This document updates RFC 5216.","pub_date":"February 2022","keywords":[],"obsoletes":[],"obsoleted_by":[],"updates":["RFC5216"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9190","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc9190"}