8/28/2008 EAP-Transport Level Security (EAP-TLS) is an EAP type that is used for smart card or certificate-based authentication. The EAP-TLS exchange of messages provides mutual authentication, integrity-protected cipher suite negotiation, and private key exchange and determination between the access client and the authenticating server.
The following list shows the reasons that EAP-TLS using registry-based client certificates provides the strongest authentication for wireless connectivity:
- EAP-TLS does not require any dependencies on the user account's password.
- EAP-TLS authentication occurs automatically, usually with no intervention by the user.
- EAP-TLS uses certificates, and this is a relatively strong authentication scheme.
- The EAP-TLS exchange is protected with public key cryptography and is not susceptible to offline dictionary attacks.
- The EAP-TLS authentication process results in mutually determined keying material for data encryption and signing.
For more information about EAP-TLS, see Transport Level Security (TLS).
See Also