X509v3 EAP Parameter Extension

Document Type Expired Internet-Draft (individual)
Author Jan-Frederik Rieckers 
Last updated 2020-05-04 (latest revision 2019-11-01)
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies an extension to X509v3 certificates for EAP- TLS servers to mitigate some flaws in the specification to the use of TLS in EAP as specified in RFC5216. The specified extension enables clients to decide whether to trust the certificate presented by the EAP-TLS server by including information implicitly defined by login credentials or communication context in the server certificate.


Jan-Frederik Rieckers (rieckers@uni-bremen.de)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)