The EAP-TLS Authentication Protocol
RFC 5216, “The EAP-TLS Authentication Protocol”, is a Proposed Standard document published in March 2008 by D. Simon, B. Aboba, and R. Hurst. It obsoletes RFC 2716. It has since been updated by RFC 8996, RFC 9190, and RFC 9965. The canonical text is published by the RFC Editor.
Abstract
The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Layer Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation, and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation.
This document obsoletes RFC 2716. A summary of the changes between this document and RFC 2716 is available in Appendix A. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5216 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 5215 RTP Payload Format for Vorbis Encoded Audio
- RFC 5217 Memorandum for Multi-Domain Public Key Infrastructure Interoperability
- RFC 5214 Intra-Site Automatic Tunnel Addressing Protocol
- RFC 5218 What Makes for a Successful Protocol?
- RFC 5213 Proxy Mobile IPv6
- RFC 5219 A More Loss-Tolerant RTP Payload Format for MP3 Audio
- RFC 5212 Requirements for GMPLS-Based Multi-Region and Multi-Layer Networks
- RFC 5220 Problem Statement for Default Address Selection in Multi-Prefix Environments: Operational Issues of RFC 3484 Default Rules