Skip to main content

An Extension for EAP-Only Authentication in IKEv2

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Pasi Eronen , Yaron Sheffer , Hannes Tschofenig
Last updated 2010-03-02 (Latest revision 2009-10-20)
Replaced by RFC 5998
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-ipsecme-eap-mutual
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


IKEv2 specifies that EAP authentication must be used together with public key signature based responder authentication. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards. This document specifies how EAP methods that provide mutual authentication and key agreement can be used to provide extensible responder authentication for IKEv2 based on methods other than public key signatures.


Pasi Eronen
Yaron Sheffer
Hannes Tschofenig

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)