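%% You should probably cite draft-ietf-emu-eaptlscert instead of this I-D.
%% Entry data from the datatracker export; names normalised to "Last, First"
%% so BibTeX does not split the compound surname "Preuß Mattsson", and the
%% title is no longer fully double-braced (only the acronym is protected).
@techreport{ms-emu-eaptlscert-01,
  author      = {Sethi, Mohit and Preu{\ss} Mattsson, John},
  title       = {Handling Large Certificates and Long Certificate Chains in {EAP-TLS}},
  type        = {Internet-Draft},
  number      = {draft-ms-emu-eaptlscert-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = {2018},
  month       = oct,
  day         = {22},
  pagetotal   = {7},
  url         = {https://datatracker.ietf.org/doc/draft-ms-emu-eaptlscert/01/},
  note        = {Work in Progress},
  abstract    = {Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. EAP-Transport Layer Security (EAP-TLS) provides means for key derivation and strong mutual authentication with certificates. However, certificates can often be relatively large in size. The certificate chain to the root-of-trust can also be long when multiple intermediate Certification Authorities (CAs) are involved. This implies that EAP-TLS authentication needs to be fragmented into many smaller packets for transportation over the lower-layer. Such fragmentation can not only negatively affect the latency, but also results in implementation challenges. For example, many authenticator (access point) implementations will drop an EAP session if it hasn't finished after 40 - 50 packets. This can result in failed authentication even when the two communicating parties have the correct credentials for mutual authentication. Moreover, there are no mechanisms available to easily recover from such situations. This memo looks at the problem in detail and discusses the solutions available to overcome these deployment challenges.},
}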