MobileFunet meeting, 27.1.2021: a presentation of an idea for how non-routable Windows host certificates could be routed by encapsulating them inside EAP-TTLS authentication. The presentation already includes proof-of-concept tests and plans for future work.
4. Idea: EAP-TLS inside EAP-TTLS
EAP-TLS is the inner EAP authentication protocol for certificate authentication
[Diagram labels: wireless controller, access point etc.; RADIUS server; EAP protocol; WPA2 authentication]
Outer EAP is EAP-TTLS with a routable User-Name, e.g. anonhostcert@example.com
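
The routing argument of this slide as an added Python example (not part of the presentation): a RADIUS proxy decides by the realm of the outer User-Name only, so `anonhostcert@example.com` can be forwarded while a realm-less host identity carried in the inner EAP-TLS never has to be routable. The `host/...` identity, the routing table and the server name `radius.example.com` are constructed assumptions.

```python
import re

# Hypothetical realm routing table of a roaming RADIUS proxy (constructed).
REALM_ROUTES = {"example.com": "radius.example.com"}

# A routable realm: dot-separated DNS labels after the last "@" of the User-Name.
_REALM_RE = re.compile(
    r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$"
)


def realm_of(user_name):
    """Return the lower-cased realm of a User-Name, or None if it has none."""
    _, sep, realm = user_name.rpartition("@")
    realm = realm.lower()
    if not sep or not _REALM_RE.match(realm):
        return None
    return realm


def route(user_name, routes=REALM_ROUTES):
    """Proxy decision for an Access-Request, based only on its User-Name."""
    realm = realm_of(user_name)
    if realm is None:
        return ("reject", "no routable realm")
    server = routes.get(realm)
    if server is None:
        return ("reject", "unknown realm " + realm)
    return ("proxy", server)


def compare(inner_identity, outer_identity):
    """Show the decision for the bare inner identity and for the TTLS-wrapped one."""
    return {
        # Host certificate identity sent directly as User-Name (plain EAP-TLS).
        "eap_tls_only": route(inner_identity),
        # Same identity hidden in the tunnel; the proxy sees the outer name only.
        "eap_tls_in_ttls": route(outer_identity),
    }


if __name__ == "__main__":
    # Constructed sample: a Windows-style host identity without a realm.
    result = compare("host/pc01.ad.example.local", "anonhostcert@example.com")
    for mode, decision in result.items():
        print(mode, "->", decision)
```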