
Basics of EAP-TLS
EAP Type Code 13
Server certificate REQUIRED (Section 3.1)
“If the EAP server is not resuming a previously established session, then it MUST include a TLS server_certificate handshake message, and a server_hello_done handshake message MUST be the last handshake message encapsulated in this EAP-Request packet.”
Client certificate RECOMMENDED (Section 3.1)
“The certificate_request message is included when the server desires the client to authenticate itself via public key. While the EAP server SHOULD require client authentication, this is not a requirement, since it may be possible that the server will require that the peer authenticate via some other means... If the EAP server sent a certificate_request message in the preceding EAP-Request packet, then the peer MUST send, in addition, certificate and certificate_verify handshake messages.”
Client authentication can be postponed until later to enable privacy support
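The Section 3.1 rules quoted above can be checked mechanically against a captured handshake. The following is an added example, not part of the original slides: it assumes the input is the TLS handshake stream after EAP-TLS fragment reassembly with the TLS record headers already removed, and the function names and sample flights are constructed for illustration.

```python
# TLS handshake type codes (TLS 1.0-1.2)
CERTIFICATE, CERTIFICATE_REQUEST = 11, 13
SERVER_HELLO_DONE, CERTIFICATE_VERIFY = 14, 15

def handshake_types(flight):
    """List the handshake message types in a reassembled handshake flight."""
    types, off = [], 0
    while off < len(flight):
        if len(flight) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(flight[off + 1:off + 4], "big")
        if off + 4 + length > len(flight):
            raise ValueError("handshake body exceeds flight length")
        types.append(flight[off])
        off += 4 + length
    return types

def check_server_flight(flight, resuming=False):
    """Return violations of the server-side rules for a non-resumed session."""
    if resuming:
        return []  # the quoted MUSTs apply only when not resuming
    types = handshake_types(flight)
    problems = []
    if CERTIFICATE not in types:
        problems.append("server certificate missing")
    if not types or types[-1] != SERVER_HELLO_DONE:
        problems.append("server_hello_done is not the last message")
    return problems

def check_peer_flight(server_flight, peer_flight):
    """Return the messages the peer owes after a certificate_request."""
    if CERTIFICATE_REQUEST not in handshake_types(server_flight):
        return []
    sent = handshake_types(peer_flight)
    required = ((CERTIFICATE, "certificate"),
                (CERTIFICATE_VERIFY, "certificate_verify"))
    return [name for code, name in required if code not in sent]

def msg(msg_type, body=b""):
    """Build a constructed handshake message: type, 24-bit length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

# Constructed sample flights (bodies are placeholders, not real TLS data).
GOOD_SERVER = msg(2, b"hello") + msg(11, b"cert") + msg(13) + msg(14)
NO_CERT_SERVER = msg(2, b"hello") + msg(14)
PEER_NO_CERT = msg(16, b"key")  # client_key_exchange only

if __name__ == "__main__":
    print(check_server_flight(NO_CERT_SERVER), check_peer_flight(GOOD_SERVER, PEER_NO_CERT))
```

A server flight without certificate_request yields no peer obligations, which is the case the last bullet relies on when client authentication is postponed.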