
Network Working Group                                            B. Aboba
Request for Comments: 2716                                      D. Simon
Category: Experimental                                          Microsoft
                                                             October 1999


                  PPP EAP TLS Authentication Protocol

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

1.  Abstract

   The Point-to-Point Protocol (PPP) provides a standard method for
   transporting multi-protocol datagrams over point-to-point links.  PPP
   also defines an extensible Link Control Protocol (LCP), which can be
   used to negotiate authentication methods, as well as an Encryption
   Control Protocol (ECP), used to negotiate data encryption over PPP
   links, and a Compression Control Protocol (CCP), used to negotiate
   compression methods.  The Extensible Authentication Protocol (EAP) is
   a PPP extension that provides support for additional authentication
   methods within PPP.

   Transport Level Security (TLS) provides for mutual authentication,
   integrity-protected ciphersuite negotiation and key exchange between
   two endpoints.  This document describes how EAP-TLS, which includes
   support for fragmentation and reassembly, provides for these TLS
   mechanisms within EAP.

2.  Introduction

   The Extensible Authentication Protocol (EAP), described in [5],
   provides a standard mechanism for support of additional
   authentication methods within PPP.  Through the use of EAP, support
   for a number of authentication schemes may be added, including smart
   cards, Kerberos, Public Key, One Time Passwords, and others. To date
   however, EAP methods such as [6] have focussed on authenticating a
   client to a server.





Aboba & Simon                 Experimental