EAP-Double-TLS Authentication Protocol

Document Type Expired Internet-Draft (individual)
Authors Mohamad Badra  , Pascal Urien 
Last updated 2006-06-23
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


EAP-Double-TLS is an EAP protocol that extends EAP-TLS. In EAP-TLS, a full TLS handshake is used to mutually authenticate a peer and server and to share a secret key. EAP-Double-TLS extends this authentication negotiation by establishing a secure connection based on the use of Pre Shared Keys (PSK). The secure connection may then be used to allow the server and the peer to securely exchange their identity and to update security attributes for next sessions. EAP-Double-TLS allows the peer and the server to establish keying material for use in the data connection between the peer and the authenticator. The keying material is established implicitly between peer and server based on the TLS Pre-Shared-Key handshake.


Mohamad Badra (Mohamad.Badra@enst.fr)
Pascal Urien (Pascal.Urien@enst.fr)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)