Table D-1. Detailed Comparison of TLS-based EAP Methods (continued)

| EAP Type | TLS [a] (RFC 2716) | TTLS [b] (Internet draft) | PEAP [c] (Internet draft) |
|---|---|---|---|
| Authentication Direction | Mutual: Uses digital certificates both ways | Mutual: Certificate for server authentication, and tunneled method for client | Mutual: Certificate for server, and protected EAP method for client |
| Protection of User Identity Exchange | No | Yes; protected by TLS | Yes; protected by TLS |

a. TLS is secure, but the requirement for client certificates is too big a hurdle for most institutions to deal with.
b. TTLS, at least initially, is much more widely implemented than PEAP, and therefore has a slight convenience advantage over the comparable PEAP method.
c. PEAP uses the TLS channel to protect a second EAP exchange. PEAP is backed by Microsoft.