<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.21 (Ruby 2.6.10) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-ietf-emu-teapv2-00" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.24.0 -->
  <front>
    <title abbrev="TEAP">Tunnel Extensible Authentication Protocol (TEAP) Version 2</title>
    <seriesInfo name="Internet-Draft" value="draft-ietf-emu-teapv2-00"/>
    <author initials="A." surname="DeKok" fullname="Alan DeKok">
      <organization>InkBridge Networks</organization>
      <address>
        <email>alan.dekok@inkbridge.io</email>
      </address>
    </author>
    <date year="2026" month="July" day="05"/>
    <area>Internet</area>
    <workgroup>EMU working group</workgroup>
    <keyword>Internet-Draft</keyword>
    <abstract>
      <?line 40?>

<t>This document defines the Tunnel Extensible Authentication Protocol
(TEAP) version 2.  It addresses a number of security and
interoperability issues which were found during the publication of
TEAPv1 (<xref target="I-D.ietf-emu-rfc7170bis"/>).</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-ietf-emu-teapv2/"/>.
      </t>
      <t>
        Discussion of this document takes place on the
        EMU Working Group mailing list (<eref target="mailto:emu@ietf.org"/>),
        which is archived at <eref target="https://mailarchive.ietf.org/arch/browse/emu/"/>.
        Subscribe at <eref target="https://www.ietf.org/mailman/listinfo/emu/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/inkbridgenetworks/teapv2.git"/>.</t>
    </note>
  </front>
  <middle>
    <?line 47?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>Tunnel Extensible Authentication Protocol (TEAP) version 1 was first
defined in <xref target="RFC7170"/>.  However, implementations of that
specification were found to have limited interoperability, due to the
complexity of the design, and to under-specification of the
cryptographic key deriviations that it defined.</t>
      <t>TEAPv1 was updated and clarified in <xref target="I-D.ietf-emu-rfc7170bis"/>.  That
document described a large amount of potential functionality in the
protocol, but also noted in <xref section="5.1" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>
that only a small subset of that functionality was interoperable.  In
addition, the interoperable parts of the protocol had security issues
which could potentially allow on-path attackers control control over
the data being transported inside of the TLS tunnel.</t>
      <t>We do not review the full security issues with TEAPv1 here.  Instead,
we define TEAPv2, with new and simpler cryptographic key deriviations.
These derivations address all of the known issues with TEAPv1.</t>
      <t>NOTE: For simplicity, this current draft defines TEAPv2 as a delta
from TEAPv1.  Once the overall framework has been agreed upon, this
document will be updated to define TEAPv2 without referring to TEAPv1.
i.e. Implementing TEAPv2 will not require anyone to read the previous
TEAPv1 document.</t>
      <section anchor="common-elements-with-teapv1">
        <name>Common Elements With TEAPv1</name>
        <t>Most parts of TEAPv1 are unchanged.  The message and TLV formats are
the same, as are the derivations for the session_key_seed
(<xref section="6.1" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>).  The derivations for the
Master Session Key (MSK) and the Extended Master Session Key (EMSK)
(<xref section="6.4" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>) have had only minor changes.</t>
        <t>The Crypto-Binding TLV <xref section="4.2.13" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/> has
the same format as for TEAPv1, although its value is now calculated
via a different derivation.  The Crypto-Binding TLV is now used only
when the inner exchange is an EAP authentication method.</t>
        <t>The largest difference between TEAPv1 and TEAPv2 is in the
cryptographic calculations of the intermediate keys.  The calculations
are simpler than the ones defined for TEAPv1, without compromising on
security.</t>
        <t>A related problem with TEAPv1 was that the Crypto-Binding TLV
calculation had significant differences between independent
implementations.  These differences were due to complex derivations of
multiple intermediate keys, some of which were defined ambiguously.
This complexity and lack of clarity lead to interoperability problems.
TEAPv2 simplifies the key deriviations, reduces the number of
intermediate keys, and gives smaller (and hopefully clearer)
definitions for the derivations.</t>
        <t>NOTE: TEAPv2 will also include mandatory support for all protocol
operations.</t>
      </section>
      <section anchor="outline-of-this-document">
        <name>Outline of this Document</name>
        <t>This document largely follows the same outline as
<xref target="I-D.ietf-emu-rfc7170bis"/>.  Where changes from that document are
made, the same section titles are used in order to ensure easy
comparison of the documents.  New sections are added, with new titles.
For parts of TEAP which are not mentioned herein, this document makes
no changes from <xref target="I-D.ietf-emu-rfc7170bis"/>.</t>
      </section>
      <section anchor="specification-requirements">
        <name>Specification Requirements</name>
        <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
"MAY", and "OPTIONAL" in this document are to be interpreted as
described in BCP 14 <xref target="RFC8174">RFC2119</xref> when, and only when, they
appear in all capitals, as shown here.</t>
      </section>
      <section anchor="terminology">
        <name>Terminology</name>
        <t>Round</t>
        <ul empty="true">
          <li>
            <t>A round is one set of inner message exchanges.  Each round finishes
with an Interim-Result TLV and a Cryptographic-Binding TLV.  Other
TLVs may also be included in a round.</t>
            <t>A round can include multiple inner message exchanges, e.g. EAP-TLS.</t>
            <t>This term was used in <xref target="I-D.ietf-emu-rfc7170bis"/>, but was not
defined in that document.</t>
          </li>
        </ul>
      </section>
    </section>
    <section anchor="negotiation">
      <name>Negotiation</name>
      <t>TEAPv2 uses the same version negotiation method as is defined in
<xref section="3.1" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>, with the Version field set
to two (2) for TEAPv2.</t>
      <t>TEAPv2 MUST use TLS 1.3 or later.  TEAPv2 MUST NOT use TLS-PSK.</t>
    </section>
    <section anchor="cryptographic-calculations">
      <name>Cryptographic Calculations</name>
      <t>The crytographic calculations for TEAPv2 have been substantially
simplified from those defined in <xref section="6" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>.</t>
      <section anchor="key-derivations">
        <name>TEAP Authentication Phase 1: Key Derivations</name>
        <t>The session key seed is the same as defined in
<xref section="6.2.1" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/> for TEAPv2.  That
definition is reproduced here verbatim:</t>
        <artwork><![CDATA[
   session_key_seed = TLS-Exporter(
                      "EXPORTER: teap session key seed",, 40)
]]></artwork>
      </section>
      <section anchor="inner-methods">
        <name>Inner Methods</name>
        <t>There are multiple possible message exchanges for Inner Methods,
including passwords, PKCS#7 data, and EAP methods.  Not all of these
inner methods will provide an MSK or an EMSK.</t>
        <t>TEAPv2 uses the Crypto-Binding TLV to protect both parties from the
attacks outlined in <xref target="RFC6677"/>.  As those attacks are only possible
when the inner method is EAP, TEAPv2 defines key derivations only when
then inner method is EAP.  TEAPv2 does not define key deriviations or
use the Crypto-Binding TLV for other inner method exchanges.</t>
        <t>The key deriviations described below MUST be done when the inner
method is EAP (i.e. when the parties exchange EAP-Payload TLVs).  The
key deriviations described below MUST NOT be done when the inner
method is anything other than EAP (i.e. when the inner method does not
include EAP-Payload TLVs).</t>
        <t>Since the Crypto-Binding TLV depends on the key derivations, it has
the same requirements.  A Crypto-Binding TLV MUST be used when the
inner method is EAP.  A Crypto-Binding TLV MUST NOT be used when the
inner method is anything other than EAP.</t>
        <t>Inner EAP methods MUST produce an MSK and/or an EMSK.  Inner EAP
methods which produce neither MSK or EMSK (e.g. EAP-GTC) MUST NOT be
used.  A party which sees an attempt to use a forbidden inner EAP
method MUST either respond with an EAP NAK that suggests one or more
acceptable EAP methods, or else respond with a fatal error, and an
Error-TLV contain value "Invalid EAP Method" (TBD).</t>
      </section>
      <section anchor="intermediate-compound-key">
        <name>Intermediate Compound Key Derivations</name>
        <t>The intermediate key derivation in TEAPv2 proceeds via the following
steps:</t>
        <ul spacing="normal">
          <li>
            <t>Combine the seed from the previous round with the MSK and/or the
EMSK from the current round.  If the MSK or EMSK is not available,
the relevant field is set to zero.  The resulting data is the
"RoundSeed", which is used to seed the intermediate key derivations
for this round.</t>
          </li>
          <li>
            <t>At the conclusion of an inner round, call the TLS-Exporter()
function (<xref section="7.5" sectionFormat="comma" target="RFC8446"/>) with the RoundSeed as the
"context_value" in order to derive intermediate keying data.</t>
          </li>
          <li>
            <t>Split the resulting intermediate keying data into two subkeys.  One
subkey is used as the seed to the next round.  The other subkey is
the Compound MAC Key (CMK) which is used to calculate the
Crypto-Binding TLV.</t>
          </li>
        </ul>
        <t>The following sections explain how the round seed is created
(<xref target="key-seeding"/>), how the seed is used to derive an intermediate key
(<xref target="derived-key"/>), how the seed is updated after each round
(<xref target="updating-roundseed"/>), and finally how the master keys are
generated from the final round seed (<xref target="master-key"/>).</t>
        <section anchor="key-seeding">
          <name>Intermediate Key Seeding</name>
          <t>The intermediate compound key deriviations for TEAPv2 depend on the
following RoundSeed structure.  The RoundSeed structure is defined
using the same syntax as is used for TLS <xref target="RFC8446"/>:</t>
          <artwork><![CDATA[
   struct {
       opaque PrevRoundKey[40]
       opaque MSK[32];
       opaque EMSK[32]
    } RoundSeed
]]></artwork>
          <t>The RoundSeed structure fields have the following definitions:</t>
          <t>PrevRoundKey</t>
          <ul empty="true">
            <li>
              <t>A key which ties the previous round to the current round.</t>
            </li>
          </ul>
          <t>MSK</t>
          <ul empty="true">
            <li>
              <t>The Master Session Key (MSK) from the current round.</t>
            </li>
          </ul>
          <t>EMSK</t>
          <ul empty="true">
            <li>
              <t>The Extended Master Session Key (EMSK) from the current round.</t>
            </li>
          </ul>
          <t>At the start of Phase 2, the first 40 octets of the session_key_seed
MUST be copied to the PrevRoundKey field of the RoundSeed structure.
All other fields MUST be set to zero.</t>
          <t>The MSK and EMSK are taken from the inner authentication method for
the current round.  If the MSK or the EMSK are not available, the
corresponding field in RoundSeed is set to zero.</t>
          <t>The RoundSeed structure is updated after the DerivedKey structure
(<xref target="derived-key"/>, below) is calculated.  The process to fill in and
update the RoundSeed structure is defined below in
<xref target="updating-roundseed"/>.</t>
        </section>
        <section anchor="derived-key">
          <name>Key Derivation</name>
          <t>After a successful inner round, a DerivedKey is calculated.  The
DerivedKey depends on the current value of RoundSeed via the
following calculation.</t>
          <artwork><![CDATA[
   DerivedKey = TLS-Exporter(
                "EXPORTER: TEAPv2 Inner Methods Compound Keys",
                RoundSeed, 72)
]]></artwork>
          <t>The DerivedKey is 72 octets in length, and is assigned to the
following data structure:</t>
          <artwork><![CDATA[
   struct {
       opaque RoundKey[40];
       opaque CMK[32]
   } DerivedKey
]]></artwork>
          <t>The DerivedKey structure fields have the following definitions:</t>
          <t>RoundKey</t>
          <ul empty="true">
            <li>
              <t>A key which is associated with this round.</t>
              <t>This field is copied to the PrevRoundKey field of the RoundSeed
structure.</t>
            </li>
          </ul>
          <t>CMK</t>
          <ul empty="true">
            <li>
              <t>The Compound MAC Key (CMK)</t>
              <t>The CMK is mixed with with data from the TEAP negotiation to create
the Compound-MAC ({#computing-compound-mac}) which is used in the
Crypto-Binding TLV.</t>
            </li>
          </ul>
        </section>
        <section anchor="updating-roundseed">
          <name>Updating RoundSeed</name>
          <t>The RoundSeed structure MUST be updated after the DerivedKey structure
has been calculated.  Each field is updated via the process defined
below.</t>
          <t>Note that the RoundSeed value is updated at the end of each inner
round, before the Crypto-Binding TLV is calculated.  This update
ensures that the final master key calculation (<xref target="master-key"/>, below)
uses a different value for the RoundSeed structure than was used in
the last inner exchange.</t>
          <t>PrevRoundKey</t>
          <ul empty="true">
            <li>
              <t>The RoundKey field from the DerivedKey structure is copied to the
PrevRoundKey field.</t>
            </li>
          </ul>
          <t>MSK</t>
          <ul empty="true">
            <li>
              <t>If the inner round did not define an MSK, this field is set to all
zeros.</t>
              <t>If the inner method derived an MSK, then only the first 32 octets of
that MSK are copied to this field.</t>
            </li>
          </ul>
          <t>EMSK</t>
          <ul empty="true">
            <li>
              <t>If the inner round did not define an EMSK, this field is set to all
zeros.</t>
              <t>If the inner method derived an EMSK, then only the first 32 octets
of that EMSK are copied to this field.</t>
            </li>
          </ul>
        </section>
      </section>
      <section anchor="computing-compound-mac">
        <name>Computing the Compound-MAC</name>
        <t>The Compound-MAC used in the Crypto-Binding TLV is calculated via
method as for TEAPv1.  That definition is reproduced here verbatim:</t>
        <artwork><![CDATA[
   Compound-MAC = the first 20 octets of MAC( CMK, BUFFER )
]]></artwork>
        <t>CMK is taken from the DerivedKey structure which was calculated for
this round.  The definition of BUFFER is the same as in
<xref section="6.3" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/> for TEAPv1.</t>
        <t>For TEAPv2, only one CMK is derived for each inner message.  This
limitation also means that only one Compound-MAC is derived for the
Crypto-Binding TLV ({#crypto-binding}).</t>
      </section>
      <section anchor="master-key">
        <name>EAP Master Session Key Generation</name>
        <t>The final MSK and ESMK are generated via the following derivation:</t>
        <artwork><![CDATA[
   MSK  = the first 64 octets of TLS-PRF(RoundSeed,
          "Session Key Generating Function")
   EMSK = the first 64 octets of TLS-PRF(RoundSeed,
          "Extended Session Key Generating Function")
]]></artwork>
        <t>This construction ensures that the cryptographic binding requirements
of <xref target="RFC6677"/> are satisfied, while using a much simpler key
derivation than was done for TEAPv1.</t>
      </section>
    </section>
    <section anchor="message-formats">
      <name>Message Formats</name>
      <t>The following sections describe the message formats used in TEAPv2.
The fields are transmitted from left to right in network byte order.</t>
      <section anchor="eap-mtu">
        <name>EAP MTU</name>
        <t><xref section="3.1" sectionFormat="comma" target="RFC3748"/> defines a minimum EAP MTU of 1020 octets.
However, it defines no maximum MTU, <xref target="RFC3748"/> also provides no way
for EAP methods to negotiate an MTU.</t>
        <t>Implementation and operational experience has shown that there is a
need to define a maximum MTU.  Without a defined maximum, EAP peers
may assume that the MTU is limited by the local network, which could
be as large as 9K octets.  Such large EAP packets can have issues when
transiting subsequent systems in the network.</t>
        <t>For example, the RADIUS protocol often carries EAP, and <xref section="3" sectionFormat="comma" target="RFC2865"/> defines a maximum RADIUS packet length of 4096 octets.
This limit can therefore be in conflict with different local network
limits seen by the EAP peer.</t>
        <t>As a result, TEAPv2 mandates a maximum MTU.  TEAPv2 impementations are
limited to sending EAP packets which are no larger than 1280 octets in
size.  That is, the EAP packet Length field (<xref section="4" sectionFormat="comma" target="RFC3748"/>)
MUST contain a value which is no larger than 1280.</t>
        <t>This size was chosen to be small enough that the TEAPv2 packets can
transit nearly all networks, but large enough to not require too many
message exchanges.</t>
      </section>
      <section anchor="teapv2-message-format">
        <name>TEAPv2 Message Format</name>
        <t>The TEAPv2 message format is identical to that of TEAPv1
(<xref section="4.1" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>) with only one change: the
Ver field is set to "2", to indicate that this is TEAPv2.</t>
      </section>
      <section anchor="teapv2-tlvs">
        <name>TEAPv2 TLVs</name>
        <t>The TEAPv2 TLV format and TLV definitions are identical to that for
TEAPv1 (<xref section="4.2" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>), with only the
changes and additions noted below.</t>
        <section anchor="crypto-binding">
          <name>Crypto-Binding TLV</name>
          <t>The format of the TEAPv2 Crypto-Binding TLV is the same as for TEAPv1
(<xref section="4.2.13" sectionFormat="comma" target="I-D.ietf-emu-rfc7170bis"/>), with the following
changes:</t>
          <ul spacing="normal">
            <li>
              <t>The Version field MUST set to two (2).</t>
            </li>
            <li>
              <t>The Received-Ver field MUST be set to two (2), to indicate TEAPv2.</t>
            </li>
            <li>
              <t>The Flags field MUST have value 2, to indicate that only the MSK
Compound-MAC is present.</t>
            </li>
            <li>
              <t>The Nonce is updated as with TEAPv1.</t>
            </li>
            <li>
              <t>The ESMK Compound-MAC field is not used.  It SHOULD be set to zeros
by the sender.  The receiver MUST ignore it.</t>
            </li>
            <li>
              <t>The MSK Compound-MAC field is calculated as described above in
<xref target="computing-compound-mac"/>.</t>
            </li>
          </ul>
        </section>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC3748">
          <front>
            <title>Extensible Authentication Protocol (EAP)</title>
            <author fullname="B. Aboba" initials="B." surname="Aboba"/>
            <author fullname="L. Blunk" initials="L." surname="Blunk"/>
            <author fullname="J. Vollbrecht" initials="J." surname="Vollbrecht"/>
            <author fullname="J. Carlson" initials="J." surname="Carlson"/>
            <author fullname="H. Levkowetz" initials="H." role="editor" surname="Levkowetz"/>
            <date month="June" year="2004"/>
            <abstract>
              <t>This document defines the Extensible Authentication Protocol (EAP), an authentication framework which supports multiple authentication methods. EAP typically runs directly over data link layers such as Point-to-Point Protocol (PPP) or IEEE 802, without requiring IP. EAP provides its own support for duplicate elimination and retransmission, but is reliant on lower layer ordering guarantees. Fragmentation is not supported within EAP itself; however, individual EAP methods may support this. This document obsoletes RFC 2284. A summary of the changes between this document and RFC 2284 is available in Appendix A. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="3748"/>
          <seriesInfo name="DOI" value="10.17487/RFC3748"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
        <reference anchor="RFC8446">
          <front>
            <title>The Transport Layer Security (TLS) Protocol Version 1.3</title>
            <author fullname="E. Rescorla" initials="E." surname="Rescorla"/>
            <date month="August" year="2018"/>
            <abstract>
              <t>This document specifies version 1.3 of the Transport Layer Security (TLS) protocol. TLS allows client/server applications to communicate over the Internet in a way that is designed to prevent eavesdropping, tampering, and message forgery.</t>
              <t>This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077, 5246, and 6961. This document also specifies new requirements for TLS 1.2 implementations.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8446"/>
          <seriesInfo name="DOI" value="10.17487/RFC8446"/>
        </reference>
        <reference anchor="I-D.ietf-emu-rfc7170bis">
          <front>
            <title>Tunnel Extensible Authentication Protocol (TEAP) Version 1</title>
            <author fullname="Alan DeKok" initials="A." surname="DeKok">
         </author>
            <date day="28" month="May" year="2025"/>
            <abstract>
              <t>   This document defines the Tunnel Extensible Authentication Protocol
   (TEAP) version 1.  TEAP is a tunnel-based EAP method that enables
   secure communication between a peer and a server by using the
   Transport Layer Security (TLS) protocol to establish a mutually
   authenticated tunnel.  Within the tunnel, TLV objects are used to
   convey authentication-related data between the EAP peer and the EAP
   server.  This document obsoletes RFC 7170 and updates RFC 9427 by
   moving all TEAP specifications from those documents to this one.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-ietf-emu-rfc7170bis-22"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC6677">
          <front>
            <title>Channel-Binding Support for Extensible Authentication Protocol (EAP) Methods</title>
            <author fullname="S. Hartman" initials="S." role="editor" surname="Hartman"/>
            <author fullname="T. Clancy" initials="T." surname="Clancy"/>
            <author fullname="K. Hoeper" initials="K." surname="Hoeper"/>
            <date month="July" year="2012"/>
            <abstract>
              <t>This document defines how to implement channel bindings for Extensible Authentication Protocol (EAP) methods to address the "lying Network Access Service (NAS)" problem as well as the "lying provider" problem. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="6677"/>
          <seriesInfo name="DOI" value="10.17487/RFC6677"/>
        </reference>
        <reference anchor="RFC7170">
          <front>
            <title>Tunnel Extensible Authentication Protocol (TEAP) Version 1</title>
            <author fullname="H. Zhou" initials="H." surname="Zhou"/>
            <author fullname="N. Cam-Winget" initials="N." surname="Cam-Winget"/>
            <author fullname="J. Salowey" initials="J." surname="Salowey"/>
            <author fullname="S. Hanna" initials="S." surname="Hanna"/>
            <date month="May" year="2014"/>
            <abstract>
              <t>This document defines the Tunnel Extensible Authentication Protocol (TEAP) version 1. TEAP is a tunnel-based EAP method that enables secure communication between a peer and a server by using the Transport Layer Security (TLS) protocol to establish a mutually authenticated tunnel. Within the tunnel, TLV objects are used to convey authentication-related data between the EAP peer and the EAP server.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7170"/>
          <seriesInfo name="DOI" value="10.17487/RFC7170"/>
        </reference>
        <reference anchor="RFC2865">
          <front>
            <title>Remote Authentication Dial In User Service (RADIUS)</title>
            <author fullname="C. Rigney" initials="C." surname="Rigney"/>
            <author fullname="S. Willens" initials="S." surname="Willens"/>
            <author fullname="A. Rubens" initials="A." surname="Rubens"/>
            <author fullname="W. Simpson" initials="W." surname="Simpson"/>
            <date month="June" year="2000"/>
            <abstract>
              <t>This document describes a protocol for carrying authentication, authorization, and configuration information between a Network Access Server which desires to authenticate its links and a shared Authentication Server. [STANDARDS-TRACK]</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="2865"/>
          <seriesInfo name="DOI" value="10.17487/RFC2865"/>
        </reference>
      </references>
    </references>
  </back>
  <!-- ##markdown-source:
H4sIAHlySmoAA61bbVMbuZb+rl+hIl9gy/YFwoQZtu7sJWDuUAlJFpyZ3ZpK
Tclu2VbR3fJtdQOeFPvb97xIarXdHpKtzYcZsPVydF6e85wjMRwORW3qXJ/J
SVOWOpfjp1qXzkxzLc+beqnL2sxUbWwpP1W2tjOby/3J+PzTgfxVVw4/PxZq
Oq30AywBn4vMzkpVwIJZpeb10Oh6PtRFM6y1Wj0cDw8PhXC1KrM/VG5LGFZX
jRZmVdFPrj4+PPzpEJastDqT12Wtq1LX4nFxJsc3n+Wjre5NuZCLyjYrcf/Y
Dhle4nYCZD2Trs6Ea6aFcSjgZL2Cba7HkyshVuZMwr9XcqZK2TgtVVWptdw3
c6nyXK61O5C2kkvllnKpKy2khDOf4Rfwo7NVXem5O6MlMj1XTV47GBG+Xxf8
Nf4qFKjPVmdCDKUp4cPzkbzU7+w9DGQFnecgRPhIF8rkZyCFKkeZvrf3/zDl
/bQy2UKPjIUBtlqo0vxJtsBj37+lL+UHXaNWYMPSVgV8/aDPYPjt1cXr05Mf
/Y8/Hp2ehB9PTt7gj9fDy1E0TjWfnR6dHk6NA3lNOd9Y6c2b01P44kGXDX1E
6ieLwC8sOKzyD1xuBHLiCFMvm+mZjIcovZh/Yz8YwQDQzHAo1dTVlZrBb5Ol
cRLcpynA61C9ptSg3aX+dt8U3jcfgm+O4KC1VFlWaedgNSXLppjqStq5dHrW
VKZeS/BGODT4kV3pSk1Njh+C8zQw4XFpZkv5CL4g57YpM5nBHPBAFGvVTPMg
gZ0L3PrhSO5//bpDt8/PByM+dGGyLNdCvEL/rWzWzHARUMH3BmE46JF8VE7O
TeVqwZrLQPfy69f/APPh9s/PoIpf7KOGGQNpilWuUc20qkNt1EtVC7fSMzMP
myWnBh9fqgctc1OYmtbuqmsAetE4CqQVM4vLP6EWaWENxnRmUQ5Q0zgIVtTV
sLsZjxSzar2q7aJSK1C8vNdrmFuZB+MFRSmlCd6RgTq91vH4zSpTKBzuMstV
BYsHNey0CGhlgidP/M7NKjPFZSSsARGmClBBjQKubI22ULmcNyWZTLGvlCT7
yhtnIKcNOF3urCxt/YIIA3mnaSn5w+jo+VnQCW2Zg1tKVyAqAZQ5XQcbbWyN
506MkWv0+FKAxxscNCD1dwbIlapqFywTZAbzZm1EsPMLdv6ZbfKsPTtKluf2
EYQcrlS9lKqu1eweHBFGojfn8f8WnE2Q/VWt5FRT4FSqdCtAUtKLM5kOokze
38maAgDM+htMIvVJSC1GP9KIeYPq6AopHwFqpPcCxGxSgAOYyQbiUXtP4QHH
Ax5dwnroJI7ioJJ/7XQjQCbtNH/m/dAjCmUNL/59aR/LHqHgMB8+TsZn8goy
C+1oZhQxNeIdnKUit8P0FUGPpZUKASvTea3EvLJFWFDKj+VM06aoYZRhXkFK
QYDF3AWa1qVUi0qDjpsVe4FxrY8/Gpgy1TFgICQ7aiLxbYO6n+uK8c7G45gR
6Pg6IAh+GWfBsmyyfzUGsEOVa8jxOBfSeeb9DcxpGxfiNsgEWnr1Sl7YooBI
GPPSTv7WqlGIG+vq1nn9fCAKACezpSoXAAcYzFoWYBmFgQsmnrz/VXI6cziW
vNGBrgak3Ep7eGotC4PpM8gWiKx/gDf84UCRYjeutyH8BkP4wIvRs6q4UeCZ
FYynxeU7cLX9m7t3B4yMMImgPwOb9I0c49BvFOQEBGHMxsgmQCkMUATJunII
nbDfBbn+8K0pM7IkqOsblj8ZHY+OXj8/o7dFlXo9o2LxuGwg0HOOvrRYAmw7
+aByyBPg9xAsQMLyWZOjBwqINXR1Mwd/YxQOuvPK7JHTrwI0js8HcKVLj3cl
qE4/8VFxIDAtEEeqbjYtNIiWeU0Q2IOHBSEgwqZAWjCUgq+hP7GrGxdAv4sd
4UhtVvXoW+gM4EQjuDh/pHQsEt4IRwDzfA6LWBDSearTEJ+YaQEYjEOdAIEI
2AhHOoeYI90ixAPsFx2gxLRB2aTu1a1IZOPMAOmbcnWZKshFDcFUvULHLWux
QS74tIifyTyiFp4yeLrQiRegUwWQawNfbOtvAEy8oLSRsLOgJlVMzaIBhMnX
I6aUCR1BC+aQrHAuMQT4LCdosluUJugN8Z+NzuANpIJZ6WaeGIDGgcn5byPP
FD3yoxwL4NeOUzyM28ePlrA95rg1CKfBI6oDJnOmC02JomJySSGYmIcpZ3kD
ybWAhVVtqzXwiBXmXVoGc0ZI/YIOHZYDFP7Y1DkmA/JfUOClx+hNik4RA8LO
LfIBPjYBgfULADj8NfX6DRN2QCRJOY68Mm6BkF2oTA/axZ3HIKpbGcMJAiAe
bZVh+FgJ7LmBz7Vya2KjYGkXOWZcHV3zA1ABvyKvBZldZwlP4G1GArN3J/l4
58M5mPMoF1r0QDyT8Tm3PUmh7oFRlbZ72r9SD9nirkOSbzmxkvCMWuiEkPcz
J/duPt9N9gb8fwlegT/fjv/z8/Xt+BJ/vvvl/P37+IPwI+5++fj5/WX7Uzvz
4uPNzfjDJU+GT2XnI7F3c/7fe+zKex8/Ta4/fjh/v8eomJ6bcqxFtkFxAPmf
KDqwkUi0Yc7bi0/y6ET+DtXK8dHRT1/oJ6xav0hEdd6Gkhj/CmZcC7VaQZTg
dHTnmVqZGlyfMrtbIhkjOkhqnEAEQvbL7WItxC2WNEL8LAEjqboBeZGneJbN
2SOQiJBF0FnGCgzOUzAqHcAarEKuAohNrQhTDG+1A+iiFIVSK4+vPkWkMItM
Dk5SwSLwmwMfWXPwkrYofkk7ijcdiZ8TobGFEYO8xcpe2QdSjxYjTIFDYNm8
DsUyIhPXTu7FUonLGhwM/g4LJHVmJ2hR4xBXC1szMIqAn43TCUiE0rVsR/qE
jAY0Lll/N4q0lOQ1Ui8ft7hHaE8BXOdY2dQCq9NHK/ePD9pcejyK0lHYYE8I
65Cj0WtsBGECrTCBJUMwEvyw4ae7d3TajoXlRZrYKUqBJOzgCK0kTNaIumPF
VytfbYmYdrKAkNZp2anyX9KOeBPwhJBrs6kALE7LozMimZdJFv76CuBlmKSb
Zz6O58YEPsiN0VrRrup7LfcGySRwycQooSiPyQ93qPSKWiUeYtGBpiBWcSbE
/8A/IeUWaZd/JzONn6jgrPZxTM+/vfF/ffp4OxnfnklsT22db28wkCeHB7wN
avGawuyGvJVNjJmjSgJxZR03cLZikc7ZWWAgOI4RFVbKOcLzgfz07uLu1SnV
zox/aDqOEMpctk7KT6dFiH0awEwAFPaAFTZABZQO6NFIhG/IazeDsodhQ8Qg
SQA7yamFuML8Z9pErQWX/i4kfO+NvmNIGf7ceX8NQ1FLBORBQ5u03WMAGBwE
HITgCJVxJF2BKIacgGVI2bdEG76Z1YRdodjd6i7ZSmBk79AG2s0iXHd3aRNE
m5E7q7aJbqqxb0IoMkUaAjJ0Dy86kst9KrXjkKD+WNggnn9S69wqKnSdrzzF
t4mAQPaiGFDCQz7H6oJOTqVJj2gdjQQ9i5CetuUU4s6EHkaPqrmYQOt2mXYg
2qbuVp5VwovQ6frWDGqnTBcEF/0Os3sBr7S/XmSH0uDUHPdJIPOqHthCnEKw
/y2JVSnjNBHDm8hnmFdqQzv5IMdZcj+m/H9OLg5S6dHJMzoletTarwVAR3Uy
BKouVjX1aTFu0e+nBlhxiK5WDF7U711pt7KAUoEO4SE/nL9jbuCaBRbXzLNA
wsICsVezmV7V1JNMNDLA73Xu9MaKcg5AmEtdVbZiPFSlGONvQ7QO9hwVwA93
GPauS/jBMGYyzO7J/cnby4ORB/CkJruACoEo1Xb+S2u34cyPG4I/+ky4Wdsl
bopY6IEHzDSDNOIktjmokUkVE3iIcLVe4aXLv6EUU0Qlbj61yb7tmXniFylO
4irohZLtHqeF1iJzR3CieZwVfMQwHqoHZXK0wwAvvJao+Vw/YK3P7AmGITcG
j/gTSmTfvqiI5qKXU3eXKQDM3yN6fUdp07uW8fwSFqCT9XVF0gCHVbjWNS4w
X1DQOXcrwNCAKs7fGajglTRugOQqD93kNu8f4Iq+b44XNP4erOUgp6MfsF8W
VRvPIFU8F3qYfqr/IA/b69SbJPv2mYJySPw7IHG1127Q3K4J+AWzVaCCvmX0
sUQp+PeoUeVaf+HbF8CCp9bmaCgGoTjRmzg6/c35BXcXL27eHWwbLDbpvBq2
gdHnvejTbT2tn1Y5xiQUY3xw2jAwxlmlqfe3//uXfSKa+AXMPzgYxBlhbJDG
K5qs3lUdL8PfU4T2LhNuiObYW9WxnOPJ9C0IMKTPcA6uobjao4uPsF7BzVm0
DLUo8H6zopVj9NGU9MS0BU9k8QiJNqAIDXHHavDs2yulD28CHm1TjqSq4FTq
M6lojdR6uKurZlY3dHMy6fh+/CYpxyB5hPtPbsesAXeffMlGZqLNoYaKYfb8
nFJ0WlN+DVTcrtS/ALA/AcbRxqCB308Ov2x8DWD1++vjL/++8fHYf04fP7eS
e6a+6zSEao4Lrg4cy6TdBjKnQnG/gNotFCJ1aANuoLOPwi74CgGCCiq6dW9n
n+4AdiC3EONk9ssXBLvX8QgKtWVFnQ4u/I4H3mErV0OZI+2s1u0F4dY9SOBR
M7syLeqkqvJZwy/Q52jiHAsXwiVvi7BqmmfYgD7LccKibpK6By4SD8nw39vZ
R1cUL6dCuncJq3fzob/PrjwVQRfxKbFMDraRH3c73hYE4daXjFmouDhyG80G
TN0PCDnjxYkPWSIYjp6izLHuw54RoBrvtcsKaY+FywKo13fgoMeqLkEChEok
BIQ6pzMpyDUzFGfe5N3krNKz9pxDJF9vlADBgkzvwLXaA3lSlWBb0mEZtciT
LP5SWyBpCHgY7RTsHcbo9gZb86NwA3l6fJCgUff8p8ch2MBguS4X9ZLzDdYQ
Du9cYoAlpyOCEK34MrSmsLoJoJDzA34+J8L1S/z9ALoLPPl8dmYoFDzrasle
bE9G+vndYAMrJHAj4JwBQPuJj9+TNIIbFuYpSEb/IaVHzKEuWtq4RKJEdAZW
SdnVEDfZ//oKU3VDMRWLiELNnjf5lr9T/LmfZWEEfvaxmfj/156Afd6NQbEO
/jYgiu8JOsFKnfBonbBUKG8CHAXKQOiCV1WW0MhfOyYRHG6Fo0w8gojLnHka
NyY8kEw1IPvO7sE2ssSlBd8MJZefzNNaQpeCxxZnCyAsGn5M1l5Y8xHCDV2f
3qkLkLTaKTHlsPbGdfVom3dEU7b+Hl2xNz43IwbW2I6ZlpVcz5NMyjQmg9o5
aZVxY8LfaW0WhUCNYRFMfY5jt7NeaAqxnMlK4FPUvWvJx+vjlnxQIIGNQl5O
zxNkSKjRNx1h/P93hvHLh4BFwput8Qun4KcvjBDb+LETPvwTjnRsAiMvhgbG
q2ivXNoHBr7/Lr+7/94R5e+JUo5TWglf7iPODuTbz1dX41sZMqTH3g2C1+vh
/uZfdc7DdC/mkfAMJx4C9vY7blxYfOtFxev0mgJfdl3FQmvAfoD9LX+M4C04
oYWwcCHgcUnQi0pGG7r6K7QK7xzbBVO1bqyM0d1jaMw5/OmUP332nS9qiG2X
Dv/kCpZZXYt43sUYJCMTv7thb27L3q3GVtLOYf9A98AFOm7x5iRxC7pQu73a
b8lTwqv2+oSFba58V2cPWzwcZ//HDWJh9fJOnhwRypbskzhhK7d03wZ5Q3Sa
1QLESi5MSKsO9nN43UftsxybzThNyaLBNq1/JIQtj6TZGLMLtfM7PvoKaCvf
QV3xQ7id/ZpwTcA9Dj8pvJ4LyBLuTdkviAdSVYbvOsGVYxMk13NC1soslpjj
pH8CLqfrWnPrLPHIyWchSBH4an3jVjde/ih8wmaKpghz0KpHhxFcRqJ94dw+
piwhqNQTTYMpAxm3QX1jyPlbMhr5qNYCtZe26OEQgetxJpx8xlZ+55kTP1AI
D2mwT/0Evxh6RraMDxKCZ3CKVqLUndeXKhUUn8f4Z14q1mn++wHJt9K6coIe
DTjXFAm1QtXABuG19pTzU24BK4MZQm+WXvcCQ0MY9O+dnfzpXdColHfodfwN
bYpvfWtHzw+I/8eH8ngHh05gKFzo1TKUGMCN3BrgpAgv5oIAHj31k0JFcg/i
9vzy+vNd+yjZAjdF5llV2G2h+0DUMz9rP/7xzQ8DET2l6ydej2FBEtqXWOg0
J4c/vYlOQ5FMuqJTkX2IX9IzDIzxeW5mtS8EIuXrqJNxHOkECOz1HWyEnRcU
ivu+8UqTX2Z1xGWzhzeGxSp9o499xmBQaqQzmqQ2SV8kscn85dPR8Y+Hbakp
nPlThxyPCS4Ky2p6z2piirTfE5X4tpT7QOHWRXkCHMuZHgFGHjNxd87ceDFc
+tdB/NZdl/RUNDpyuEBpnS74GCheVfwWPdjA8QsV9tWwku28SK4tgkG5FtvP
e+LzCHzo0QFMxstgtQ4s0kPQjBtPOdM6VbfPk7/pre4JPRpm74opn6U6o/T+
a2iTJXx173hvwK8WM+x5xdg31IeNb1vaI+G9a+cg7cvo+FA6fWyIXrR9MmRY
L/6dS+edMBxtkJyN+mn+IQTd4fk/VHD+TyVCqYi1bt/b5E1WE3IZnSP8IQEf
sJ/+prSvTZPfaCh+9XyQPDNqb/L8qegub7L1AImixdvOv0IahZG3eqapi9Ya
eqMd6md0LR6NzKtc5Wrh0umEzhyWxz2+EssWrKDkFsdcAVrxYy5e/oPFVJbW
6Jt/5cDjiBx2Fouui4Hor56va+mfG3Z7vng75dETAY4fX9GVGamo4pOZRYnw
bFrpkPf1b5qUByp9CKGmlm7sYEMs8vsrLOLMaH/+i5MLS3+wUoWnXa/k9fmH
862P8S+8poBY4n8BpmmEVV85AAA=

-->

</rfc>
