[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECMECH] Re: Identity Protection in EAP-TLS
Pascal Urien <urienp at tele2.fr> writes:
> Hi Everybody,
>
> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>
>
> Title : Identity Protection within EAP-TLS
> Author(s) : P. Urien, M. Badra
> Filename : draft-urien-badra-eap-tls-identity-protection-00.txt
> Pages : 7
> Date : 2006-5-31
>
> This document defines a mechanism providing EAP-TLS identity
> protection.
>
> It defines new TLS extension, in order to negotiate the symmetric
> encryption algorithm that is used to encrypt or decrypt the client's
> certificate.
How would your approach compare to using TLS-PSK to set up a TLS
connection, and then within that TLS session, re-handshake with client
certificates? The client certificates would then be encrypted.
/Simon
_______________________________________________
SECMECH mailing list
SECMECH at lists.ietf.org
https://www1.ietf.org/mailman/listinfo/secmech