Hi Piotr

With TLS only after certificate validation is the secure channel established
using the shared secret that was negotiated. Is the certificate sent in the
secure channel?

With regards
Kings

2011/1/9 Piotr Matusiak <[email protected]>

> Hi Kings,
>
> This is like 2-in-1. You must securely send the user's identity
> (certificate in this case), so it needs a secure channel. See RFC 5216 and
> the info about Privacy for more details.
>
> Regards,
> Piotr
>
> 2011/1/9 Kingsley Charles <[email protected]>
>
>> Hi Piotr
>>
>> In that case why would we need a secure channel, if there is no further
>> authentication?
>>
>> With regards
>> Kings
>>
>>
>> On Sun, Jan 9, 2011 at 3:33 AM, Piotr <[email protected]> wrote:
>>
>>> Hi Kings,
>>>
>>> There is no additional authentication method used since EAP-TLS
>>> authenticates the client. In fact the username from CN is taken and compared
>>> to the user in the ACS.
>>>
>>> Regards,
>>> Piotr
>>>
>>> On Jan 8, 2011, at 12:42 PM, Kingsley Charles <[email protected]> wrote:
>>>
>>> Ignore the "Why would I need a secure channel as there is no further
>>> communication?" I just want to know what is the authentication method used after
>>> getting the secure channel.
>>>
>>> With regards
>>> Kings
>>>
>>> On Sat, Jan 8, 2011 at 5:08 PM, Kingsley Charles <[email protected]> wrote:
>>>
>>>> Hi all
>>>>
>>>> EAP TLS mutually authenticates the client and authenticator with cert
>>>> certification after which secure channel is established. Why would I need a
>>>> secure channel as there is no further communication?
>>>>
>>>> What is the authentication method used in the secure channel, is it MD5
>>>> authentication?
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>
>>> _______________________________________________
>>> For more information regarding industry leading CCIE Lab training, please
>>> visit www.ipexpert.com
>>>
>>>
>>
>