Handling Large Certificates and Long Certificate Chains in TLS-Based EAP Methods
RFC 9191, “Handling Large Certificates and Long Certificate Chains in TLS-Based EAP Methods”, is an Informational document published in February 2022 by M. Sethi, J. Preuß Mattsson, and S. Turner. The canonical text is published by the RFC Editor.
Abstract
The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round trips is a major deployment problem. This document looks at this problem in detail and describes the potential solutions available.
What “Informational” means
Published for the general information of the community. It does not define an IETF standard and carries no standards-track status.
The canonical text of RFC 9191 is hosted at rfc-editor.org. Available in HTML, TXT, PDF, and XML.