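% Internet-Draft by Yoav Nir, revision 00, dated 2007-02-23: a protocol model
% for authenticating TLS clients with EAP.
% Citation caveat: an Internet-Draft is work in progress, not a standard. The
% "draft-nir-" prefix suggests an individual submission (confirm on the
% datatracker), and a later revision may supersede this one.
% Only the acronyms in the title are brace-protected, so a style can apply its
% own casing. The exported "pagetotal = 0" is left out because a zero page
% count cannot be right and may print under styles that show page totals.
@techreport{nir-tee-pm-00,
  author      = {Nir, Yoav},
  title       = {Protocol Model for {TLS} with {EAP} Authentication},
  type        = {Internet-Draft},
  number      = {draft-nir-tee-pm-00},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2007,
  month       = feb,
  day         = 23,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-nir-tee-pm/00/},
  abstract    = {This document describes an extension to the TLS protocol to allow TLS clients to authenticate with legacy credentials using the Extensible Authentication Protocol (EAP). This work follows the example of IKEv2, where EAP has been added to the IKEv2 protocol to allow clients to use different credentials such as passwords, token cards, and shared secrets. When TLS is used with EAP, additional records are sent after the ChangeCipherSpec protocol message, effectively creating an extended handshake before the application layer data can be sent. Each EapMsg handshake record contains exactly one EAP message. Using EAP for client authentication allows TLS to be used with various AAA back-end servers such as RADIUS or Diameter. TLS with EAP may be used for securing a data connection such as HTTP or POP3, where the ability of EAP to work with backend servers can remove that burden from the application layer. This document is a protocol model, rather than a full protocol specification.},
}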