The Extensible Authentication Protocol (EAP), defined in RFC3748,
provides a standard mechanism for support of multiple authentication
methods. EAP-Transport Layer Security (EAP-TLS) and other TLS-based
EAP methods are widely deployed and used for network access
authentication. Large certificates and long certificate chains,
combined with authenticators that drop an EAP session after only
40-50 round-trips, are a major deployment problem. This document looks
at this problem in detail and describes the potential solutions.
Working Group Summary
There was good support in the working group for this document. There were
several substantive reviews of the document.
This document has been reviewed by members of the EAP and the TLS community. Some of the mechanisms in the document are being implemented.
Joseph Salowey is the document shepherd.
Roman Danyliw is the responsible AD.