The EAP-TLS Authentication Protocol

Network Working Group                                          D. Simon
Request for Comments: 5216                                     B. Aboba
Obsoletes: 2716                                                R. Hurst
Category: Standards Track                         Microsoft Corporation
                                                             March 2008

The EAP-TLS Authentication Protocol

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

The Extensible Authentication Protocol (EAP), defined in RFC 3748, provides support for multiple authentication methods. Transport Layer Security (TLS) provides for mutual authentication, integrity-protected ciphersuite negotiation, and key exchange between two endpoints. This document defines EAP-TLS, which includes support for certificate-based mutual authentication and key derivation. This document obsoletes RFC 2716. A summary of the changes between this document and RFC 2716 is available in Appendix A.

Simon, et al.                Standards Track                    [Page 1]

RFC 5216                EAP-TLS Authentication Protocol       March 2008

Table of Contents

1. Introduction ....................................................2
   1.1. Requirements ...............................................3
   1.2. Terminology ................................................3
2. Protocol Overview ...............................................4
   2.1. Overview of the EAP-TLS Conversation .......................4
        2.1.1. Base Case ...........................................4
        2.1.2. Session Resumption ..................................7
        2.1.3. Termination .........................................8
        2.1.4. Privacy ............................................11
        2.1.5. Fragmentation ......................................14
   2.2. Identity Verification .....................................16
   2.3. Key Hierarchy .............................................17
   2.4. Ciphersuite and Compression Negotiation ...................19
3. Detailed Description of the EAP-TLS Protocol ...................20
   3.1. EAP-TLS Request Packet ....................................20
   3.2. EAP-TLS Response Packet ...................................22
4. IANA Considerations ............................................23
5. Security Considerations ........................................24
   5.1. Security Claims ...........................................24
   5.2. Peer and Server Identities ................................25
   5.3. Certificate Validation ....................................26
   5.4. Certificate Revocation ....................................27
   5.5. Packet Modification Attacks ...............................28
6. References .....................................................29
   6.1. Normative References ......................................29
   6.2. Informative References ....................................29
Acknowledgments ...................................................31
Appendix A -- Changes from RFC 2716 ...............................32

1. Introduction

The Extensible Authentication Protocol (EAP), described in [RFC3748], provides a standard mechanism for support of multiple authentication methods. Through the use of EAP, support for a number of authentication schemes may be added, including smart cards, Kerberos, Public Key, One Time Passwords, and others. EAP has been defined for use with a variety of lower layers, including the Point-to-Point Protocol (PPP) [RFC1661], Layer 2 tunneling protocols such as the Point-to-Point Tunneling Protocol (PPTP) [RFC2637] or Layer 2 Tunneling Protocol (L2TP) [RFC2661], IEEE 802 wired networks [IEEE-802.1X], and wireless technologies such as IEEE 802.11 [IEEE-802.11] and IEEE 802.16 [IEEE-802.16e]. While the EAP methods defined in [RFC3748] did not support mutual authentication, the use of EAP with wireless technologies such as [IEEE-802.11] has resulted in development of a new set of
