EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3

Metadata

Publisher: IETF
Doc Type: Standard
Abstract: The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides a standard mechanism for support of multiple authentication methods. This document specifies the use of EAP-TLS with TLS 1.3 while remaining backwards compatible with existing implementations of EAP-TLS. TLS 1.3 provides significantly improved security and privacy, and reduced latency when compared to earlier versions of TLS. EAP-TLS with TLS 1.3 (EAP-TLS 1.3) further improves security and privacy by always providing forward secrecy, never disclosing the peer identity, and by mandating use of revocation checking when compared to EAP-TLS with earlier versions of TLS. This document also provides guidance on authentication, authorization, and resumption for EAP-TLS in general (regardless of the underlying TLS version used). This document updates RFC 5216.
Publication Date: 2022-02-01
Status Note: Proposed Standard
DOI: 10.17487/RFC9190
Link: https://doi.org/10.17487/RFC9190
Author(s): John Preuß Mattsson, Mohit Sethi

Latest version of IETF RFC 9190

Document Versions — IETF RFC 9190

▶ IETF RFC 9190 (2022-02-01)

THIS DOC [ACTIVE] [LATEST VERSION]

Normative Reference(s)

IETF RFC 2119 [Active*]
RFC3748 NOT IN REGISTRY
RFC5216 NOT IN REGISTRY
IETF RFC 5280 [Active, Amended]
RFC5705 NOT IN REGISTRY
RFC6066 NOT IN REGISTRY
RFC6960 NOT IN REGISTRY
RFC7542 NOT IN REGISTRY
RFC8174 NOT IN REGISTRY
IETF RFC 8446 [Active]

Bibliographic Reference(s)

10.1109-IEEESTD.2016.7786995 NOT IN REGISTRY
10.1109-IEEESTD.2018.8585421 NOT IN REGISTRY
10.1109-IEEESTD.2020.9018454 NOT IN REGISTRY
3GPP.TS-33.501.202201 NOT IN REGISTRY
IETF.draft-ietf-emu-tls-eap-types-04 NOT IN REGISTRY
IETF.draft-ietf-tls-rfc8446bis-03 NOT IN REGISTRY
IETF.draft-ietf-tls-ticketrequests-07 NOT IN REGISTRY
MFA.MulteFire.r1.1.2019 NOT IN REGISTRY
MS.PEAP.20210625 NOT IN REGISTRY
RFC1661 NOT IN REGISTRY
IETF RFC 2246 [Superseded]
RFC2560 NOT IN REGISTRY
RFC2865 NOT IN REGISTRY
IETF RFC 3280 [Superseded]
RFC4137 NOT IN REGISTRY
RFC4282 NOT IN REGISTRY
IETF RFC 4346 [Superseded]
RFC4851 NOT IN REGISTRY
RFC5077 NOT IN REGISTRY
RFC5191 NOT IN REGISTRY
IETF RFC 5246 [Superseded]
RFC5247 NOT IN REGISTRY
RFC5281 NOT IN REGISTRY
RFC6125 NOT IN REGISTRY
RFC6733 NOT IN REGISTRY
RFC7170 NOT IN REGISTRY
RFC7406 NOT IN REGISTRY
RFC7457 NOT IN REGISTRY
RFC7525 NOT IN REGISTRY
RFC7593 NOT IN REGISTRY
RFC8126 NOT IN REGISTRY
RFC8447 NOT IN REGISTRY
RFC8996 NOT IN REGISTRY
RFC9155 NOT IN REGISTRY
RFC9191 NOT IN REGISTRY

Source Data (JSON)

Full registry record with provenance metadata. Open directly: /api/doc/RFC9190.json

Reference Tree

Explore all references and references to this document, as a navigable tree.

Open Reference Tree

Reference this Doc

Plain text (ISO 690 compliant)

Preview:

IETF RFC 9190, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3. Available at https://doi.org/10.17487/RFC9190

Snippet:

IETF RFC 9190, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3. Available at https://doi.org/10.17487/RFC9190

HTML (ISO 690 compliant)

Preview:

IETF RFC 9190, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3. Available at https://doi.org/10.17487/RFC9190

Snippet:

<span class="citation"><cite>IETF RFC 9190</cite>, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3. Available at <a href="https://doi.org/10.17487/RFC9190" target="_blank" rel="noopener">https://doi.org/10.17487/RFC9190</a></span>

SMPTE's HTML Pub

Preview:

IETF RFC 9190, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3
doi: 10.17487/RFC9190
url: https://doi.org/10.17487/RFC9190

Snippet:

<li>
<cite id="bib-rfc9190">IETF RFC 9190</cite>, EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3
<span class="doi">10.17487/RFC9190</span>
</li>

Referenced By

IETF RFC 9678 [Active*]