@misc{rfc9190, series = {Request for Comments}, number = 9190, howpublished = {RFC 9190}, publisher = {RFC Editor}, doi = {10.17487/RFC9190}, url = {https://www.rfc-editor.org/info/rfc9190}, author = {John Preuß Mattsson and Mohit Sethi}, title = {{EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3}}, pagetotal = 31, year = 2022, month = feb, abstract = {The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.}, }