Hello all, I'm new to the list, relatively new to authentication, and I'm trying to figure out some details regarding the RFCs. I was hoping some of you might be able and willing to help me out here.
As I understand it, using TLS you can authenticate the server and optionally the client, negotiate the encryption/signing algorithm(s) for the TLS record protocol, and exchange the key information before switching to the selected encryption/signing algorithm(s) for secure data transport. EAP-TLS, however, seems focused on authorization and exchanging the key information, leaving the actual data encryption to be determined by other means (e.g. IEEE 802.1X MKA i.c.w. MACsec).

My questions:

1. Is this understanding correct?
2. Does this imply that the negotiated encryption/signing algorithm(s) are only used for the EAP-TLS Finished messages?

Any and all insights would be most welcome. :)

Kind regards,

Pieter Hulshoff

