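@comment{
  Reviewer notes on funk-eap-ttls-v1-01:
  - This is an individual Internet-Draft (see the note field: Work in Progress),
    not a published standard. It describes version 1 of EAP-TTLS; version 0 was
    later published as RFC 5281. Cite whichever document matches the protocol
    version actually under discussion.
  - The abstract's claim that the tunnel protects legacy inner methods (PAP,
    CHAP, MS-CHAP, MS-CHAP-V2) against eavesdropping and man-in-the-middle
    holds only when the client validates the server's certificate during the
    outer TLS handshake. The abstract itself notes that the handshake may be
    one-way, so that server authentication is the only check the client has.
  - Edits applied: the title is no longer wrapped whole in double braces (only
    the acronyms are protected), its trailing space is dropped, author names
    use the unambiguous Last, First form, and an extraction artifact in the
    abstract (a stray space inside EAP-TTLS) is repaired.
}

@techreport{funk-eap-ttls-v1-01,
  author      = {Funk, Paul and Blake-Wilson, Simon},
  title       = {{EAP} Tunneled {TLS} Authentication Protocol Version 1 ({EAP-TTLSv1})},
  type        = {Internet-Draft},
  number      = {draft-funk-eap-ttls-v1-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2006,
  month       = mar,
  day         = 8,
  pagetotal   = 22,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-funk-eap-ttls-v1/01/},
  abstract    = {EAP-TTLS is an EAP type that utilizes TLS to establish a secure connection between a client and server, through which additional information may be exchanged. The initial TLS handshake may mutually authenticate client and server; or it may perform a one-way authentication, in which only the server is authenticated to the client. The secure connection established by the initial handshake may then be used to allow the server to authenticate the client using existing, widely-deployed authentication infrastructures such as RADIUS. The authentication of the client may itself be EAP, or it may be another authentication protocol such as PAP, CHAP, MS-CHAP or MS-CHAP-V2. Thus, EAP-TTLS allows legacy password-based authentication protocols to be used against existing authentication databases, while protecting the security of these legacy protocols against eavesdropping, man-in-the-middle and other cryptographic attacks. EAP-TTLS also allows client and server to exchange other information in addition to authentication-related information. This document describes EAP-TTLSv1; that is, version 1 of the EAP-TTLS protocol. It represents a significant enhancement to the original version 0 of the protocol. EAP-TTLSv1 utilizes an extended version of TLS, called TLS/IA (TLS/InnerApplication) as its underlying protocol {[}TLS/IA{]}.},
}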