EAP-TLS and TLS record protocol
Pieter Hulshoff
phulshof at xs4all.nl
Fri May 24 10:12:13 CEST 2013
Hello all,

I'm new to the list, relatively new to authentication, and I'm trying to figure
out some details regarding the RFCs. I was hoping some of you might be able
and willing to help me out here.

As I understand it, using TLS you can authenticate the server and optionally
the client, negotiate the encryption/signing algorithm(s) for the TLS record
protocol, and exchange the key information before switching to the selected
encryption/signing algorithm(s) for secure data transport. EAP-TLS however
seems focused on authorization and exchanging the key information, leaving the
actual data encryption to be determined by other means (e.g. IEEE 802.1X MKA
i.c.w. MACsec).

My questions:

1. Is this understanding correct?
2. Does this imply that the negotiated encryption/signing algorithm(s) are
only used for the EAP-TLS Finished messages?

Any and all insights would be most welcome. :)

Kind regards,

Pieter Hulshoff
More information about the Freeradius-Users
mailing list