An Extension for EAP-Only Authentication in IKEv2
draft-eronen-ipsec-ikev2-eap-auth-07
| Document | Type |
Replaced Internet-Draft
(individual)
Expired & archived
|
|
|---|---|---|---|
| Authors | Pasi Eronen , Yaron Sheffer , Hannes Tschofenig | ||
| Last updated | 2010-03-02 (Latest revision 2009-10-20) | ||
| Replaced by | RFC 5998 | ||
| RFC stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Replaced by draft-ietf-ipsecme-eap-mutual | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:
Abstract
IKEv2 specifies that EAP authentication must be used together with public key signature based responder authentication. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards. This document specifies how EAP methods that provide mutual authentication and key agreement can be used to provide extensible responder authentication for IKEv2 based on methods other than public key signatures.
Authors
Pasi Eronen
Yaron Sheffer
Hannes Tschofenig
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)