An Extension for EAP-Only Authentication in IKEv2
draft-eronen-ipsec-ikev2-eap-auth-07

 
Document Type Replaced Internet-Draft (individual)
Last updated 2010-03-02 (latest revision 2009-10-20)
Replaced by draft-ietf-ipsecme-eap-mutual
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
plain text pdf html
Stream Stream state (No stream defined)
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-ipsecme-eap-mutual
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-eronen-ipsec-ikev2-eap-auth-07.txt

Abstract

IKEv2 specifies that EAP authentication must be used together with public key signature based responder authentication. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards. This document specifies how EAP methods that provide mutual authentication and key agreement can be used to provide extensible responder authentication for IKEv2 based on methods other than public key signatures.

Authors

Pasi Eronen (pe@iki.fi)
Yaron Sheffer (yaronf.ietf@gmail.com)
Hannes Tschofenig (Hannes.Tschofenig@gmx.net)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)