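%% You should probably cite rfc9190 instead of this I-D.
%% This entry describes revision 21 of the Internet-Draft, a work-in-progress
%% snapshot. When checking security requirements (revocation checking,
%% resumption, identity protection), read the published RFC rather than this draft.
%% The author field uses "Last, First" form so the two-word surname
%% "Preuss Mattsson" is not split, and the sharp s is written as a LaTeX escape
%% so 8-bit BibTeX sorts and labels it correctly.
%% Only the acronyms and the protocol name in the title are brace-protected, so
%% a style may still apply its own casing to the remaining words.
@techreport{ietf-emu-eap-tls13-21,
  author      = {Preu{\ss} Mattsson, John and Sethi, Mohit},
  title       = {{EAP-TLS} 1.3: Using the {Extensible Authentication Protocol} with {TLS} 1.3},
  type        = {Internet-Draft},
  number      = {draft-ietf-emu-eap-tls13-21},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2021,
  month       = oct,
  day         = 20,
  pagetotal   = 31,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-emu-eap-tls13/21/},
  abstract    = {The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.},
}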