To be more precise, this is like TLS-in-TLS. First the TLS forms a secure channel (without the user's certificate) and then there is another TLS_cert_req from the server site to force the client to send its certificate securely.
Is that what you're looking for?

On 9 January 2011 08:27, Kingsley Charles <[email protected]> wrote:

> Hi Piotr
>
> With TLS only after certificate validation is the secure channel
> established using the shared secret that was negotiated. Is the certificate
> sent in the secure channel?
>
> With regards
> Kings
>
> 2011/1/9 Piotr Matusiak <[email protected]>
>
>> Hi Kings,
>>
>> This is like 2-in-1. You must securely send the user's identity
>> (certificate in this case) so that it needs secure channel. See RFC 5216 and
>> the info about Privacy for more details.
>>
>> Regards,
>> Piotr
>>
>> 2011/1/9 Kingsley Charles <[email protected]>
>>
>>> Hi Piotr
>>>
>>> In that case why would we need a secure channel, if there is no further
>>> authentication?
>>>
>>> With regards
>>> Kings
>>>
>>> On Sun, Jan 9, 2011 at 3:33 AM, Piotr <[email protected]> wrote:
>>>
>>>> Hi Kings,
>>>>
>>>> There is no additional authentication method used since EAP-TLS
>>>> authenticates the client. In fact the username from CN is taken and
>>>> compared to the user in the ACS.
>>>>
>>>> Regards,
>>>> Piotr
>>>>
>>>> On Jan 8, 2011 at 12:42 PM, Kingsley Charles <[email protected]> wrote:
>>>>
>>>> Ignore the "Why would I need a secure channel as there is not further
>>>> communication?" I just want to know what is the authentication method
>>>> used after getting the secure channel.
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>> On Sat, Jan 8, 2011 at 5:08 PM, Kingsley Charles <[email protected]> wrote:
>>>>
>>>>> Hi all
>>>>>
>>>>> EAP TLS mutually authenticates the client and authenticator with cert
>>>>> certification after which secure channel is established. Why would I
>>>>> need a secure channel as there is not further communication.
>>>>>
>>>>> What is the authentication method used in the secure channel, is it MD5
>>>>> authentication?
>>>>>
>>>>> With regards
>>>>> Kings
>>>>
>>>> _______________________________________________
>>>> For more information regarding industry leading CCIE Lab training,
>>>> please visit www.ipexpert.com
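The two exchanges discussed in this thread, modelled as an added example that is not part of the original posts: it assumes the TLS 1.2-style rule that a sender's records are encrypted only after that sender's ChangeCipherSpec, and compares a plain EAP-TLS handshake with the privacy variant described in RFC 5216, where a second handshake runs inside the first session. The message lists are constructed and simplified, and the function names are hypothetical.

```python
"""Which handshake records of an EAP-TLS exchange travel encrypted (simplified model)."""

# Constructed flows: (sender, handshake message), in the order they are sent.
STANDARD = [
    ("peer", "ClientHello"),
    ("server", "ServerHello"), ("server", "Certificate"),
    ("server", "CertificateRequest"), ("server", "ServerHelloDone"),
    ("peer", "Certificate"), ("peer", "ClientKeyExchange"),
    ("peer", "CertificateVerify"), ("peer", "ChangeCipherSpec"), ("peer", "Finished"),
    ("server", "ChangeCipherSpec"), ("server", "Finished"),
]

# Privacy variant: first handshake without CertificateRequest, then the
# server asks for a new handshake that is carried inside the first session.
PRIVACY = [
    ("peer", "ClientHello"),
    ("server", "ServerHello"), ("server", "Certificate"), ("server", "ServerHelloDone"),
    ("peer", "ClientKeyExchange"), ("peer", "ChangeCipherSpec"), ("peer", "Finished"),
    ("server", "ChangeCipherSpec"), ("server", "Finished"),
    ("server", "HelloRequest"),
] + STANDARD  # second handshake has the same shape as the plain one


def annotate(flow):
    """Return (sender, message, encrypted) for every record in the flow."""
    keyed = {"peer": False, "server": False}
    out = []
    for sender, msg in flow:
        # ChangeCipherSpec itself is sent under the sender's previous state.
        out.append((sender, msg, keyed[sender]))
        if msg == "ChangeCipherSpec":
            keyed[sender] = True
    return out


def peer_cert_exposure(flow):
    """How the peer's Certificate message was protected each time it was sent."""
    return ["encrypted" if enc else "cleartext"
            for sender, msg, enc in annotate(flow)
            if sender == "peer" and msg == "Certificate"]


if __name__ == "__main__":
    for name, flow in (("standard", STANDARD), ("privacy", PRIVACY)):
        print(name, "-> peer certificate sent:", peer_cert_exposure(flow))
```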
