|Document||Type||Expired Internet-Draft (individual)|
|Intended RFC status||(None)|
Expired & archivedpdf htmlized bibtex
|Stream||Stream state||(No stream defined)|
|RFC Editor Note||(None)|
|Send notices to||(None)|
This document describes an extension to IKEv2 that allows an endpoint which has authenticated to a gateway to request a short-term credential, possession of which proves the authentication. This allows it to prove to a security gateway that it was already authenticated by another trusted security gateway, thereby allowing the authentication of the endpoint without user intervention. This credential is a certificate issued by the authenticating gateway for a short period of time, which can be used to authenticate the user with IKE signature based authentication.
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)