Yes that answers my question. Thanks Piotr.
With regards
Kings

2011/1/9 Piotr Matusiak <[email protected]>

> To be more precise, this is like TLS-in-TLS. First the TLS forms a secure
> channel (without the user's certificate) and then there is another TLS_cert_req
> from the server side to force the client to send its certificate securely.
>
> Is that what you're looking for?
>
>
> On 9 January 2011 08:27, Kingsley Charles <[email protected]> wrote:
>
>> Hi Piotr
>>
>> With TLS, only after certificate validation is the secure channel
>> established using the shared secret that was negotiated. Is the certificate
>> sent in the secure channel?
>>
>> With regards
>> Kings
>>
>> 2011/1/9 Piotr Matusiak <[email protected]>
>>
>>> Hi Kings,
>>>
>>> This is like 2-in-1. You must securely send the user's identity
>>> (certificate in this case), so it needs a secure channel. See RFC 5216 and
>>> the info about Privacy for more details.
>>>
>>> Regards,
>>> Piotr
>>>
>>> 2011/1/9 Kingsley Charles <[email protected]>
>>>
>>>> Hi Piotr
>>>>
>>>> In that case, why would we need a secure channel if there is no further
>>>> authentication?
>>>>
>>>> With regards
>>>> Kings
>>>>
>>>>
>>>> On Sun, Jan 9, 2011 at 3:33 AM, Piotr <[email protected]> wrote:
>>>>
>>>>> Hi Kings,
>>>>>
>>>>> There is no additional authentication method used since EAP-TLS
>>>>> authenticates the client. In fact, the username from the CN is taken and
>>>>> compared to the user in the ACS.
>>>>>
>>>>> Regards,
>>>>> Piotr
>>>>>
>>>>> On Jan 8, 2011 at 12:42 PM, Kingsley Charles <[email protected]> wrote:
>>>>>
>>>>> Ignore the "Why would I need a secure channel as there is not further
>>>>> communication?" I just want to know what is the authentication method
>>>>> used after getting the secure channel.
>>>>>
>>>>> With regards
>>>>> Kings
>>>>>
>>>>> On Sat, Jan 8, 2011 at 5:08 PM, Kingsley Charles
>>>>> <[email protected]> wrote:
>>>>>
>>>>>> Hi all
>>>>>>
>>>>>> EAP TLS mutually authenticates the client and authenticator with cert
>>>>>> certification, after which a secure channel is established. Why would I
>>>>>> need a secure channel as there is no further communication?
>>>>>>
>>>>>> What is the authentication method used in the secure channel? Is it
>>>>>> MD5 authentication?
>>>>>>
>>>>>> With regards
>>>>>> Kings
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> For more information regarding industry leading CCIE Lab training,
>>>>> please visit www.ipexpert.com
