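% Internet-Draft, revision 01 of draft-funk-eap-md5-tunneled; cite as "Work in Progress".
% Reader note: the abstract describes the method as cryptographically equivalent to
% CHAP and EAP-MD5-Challenge, and states its man-in-the-middle resistance only for
% use inside a tunneling EAP method (EAP-TTLS, EAP-PEAP). Do not read it as a claim
% about the MD5 challenge exchange outside a tunnel.
% Changes from the datatracker export: one field per line, author in "Last, First"
% form, braces only around case-sensitive title words, and the abstract's
% line-wrap artifacts ("EAP- TTLS", "man-in-the- middle") rejoined.
@techreport{funk-eap-md5-tunneled-01,
  author      = {Funk, Paul},
  title       = {The {EAP} {MD5-Tunneled} Authentication Protocol ({EAP-MD5-Tunneled})},
  type        = {Internet-Draft},
  number      = {draft-funk-eap-md5-tunneled-01},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2004,
  month       = apr,
  day         = 5,
  pagetotal   = 18,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-funk-eap-md5-tunneled/01/},
  abstract    = {EAP-MD5-Tunneled is an EAP protocol designed for use as an inner authentication protocol within a tunneling EAP protocol such as EAP-TTLS or EAP-PEAP. It is cryptographically equivalent to standard CHAP and the EAP-MD5-Challenge protocol. It can be used inside an EAP tunnel without exposing the system to the type of man-in-the-middle attack which use of CHAP or the original MD5 Challenge protocol is subject to, yet it is capable of being converted to CHAP credentials at the tunneling endpoint for proxy forwarding to legacy AAA servers, with no modification required of the legacy AAA server. It may also be converted to EAP-MD5-Challenge credentials at the tunneling endpoint for the purpose of proxy; however, the downstream server that terminates the EAP-MD5-Challenge must be modified to provide a challenge that meets certain criteria.},
}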