Handling Large Certificates and Long Certificate Chains in TLS-based EAP Methods

Document Type Expired Internet-Draft (emu WG)
Last updated 2020-02-14 (latest revision 2019-08-13)
Replaces draft-ms-emu-eaptlscert
Stream IETF
Intended RFC status (None)
Expired & archived
pdf htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


EAP-TLS and other TLS-based EAP methods are widely deployed and used for network access authentication. Large certificates and long certificate chains combined with authenticators that drop an EAP session after only 40 - 50 round-trips is a major deployment problem. This memo looks at the this problem in detail and describes the potential solutions available.


Mohit Sethi (mohit@piuha.net)
John Mattsson (john.mattsson@ericsson.com)
Sean Turner (sean@sn3rd.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)