Proposal Develop an Enhanced EAP-TLS method supports all requirements in Slide 2. Allow client optionally not send client certificate in TLS handshake but go thru a second inner authentication in the protected TLS tunnel, which supports legacy weak password database. It could be done thru inner EAP method in TLS Application data or TLS InnerApplication exchange. |