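%% You should probably cite rfc7717 instead of this I-D.
%% This entry describes revision -02 of an Internet-Draft (marked "Work in
%% Progress" below). A draft revision is not a stable specification, so confirm
%% the IKE-SA-derived O/TWAMP shared-key mechanism against rfc7717 before
%% relying on it in a design or review.
%% pagetotal, day and abstract are not classic BibTeX fields; styles that do
%% not know them are expected to ignore them.
@techreport{ietf-ippm-ipsec-02,
  author      = {Pentikousis, Kostas and Cui, Yang and Zhang, Emma},
  title       = {Network Performance Measurement for {IPsec}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ippm-ipsec-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2014,
  month       = feb,
  day         = 14,
  pagetotal   = 12,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/02/},
  abstract    = {The O/TWAMP security mechanism requires that endpoints (i.e. both the client and the server) possess a shared secret. Since the currently-standardized O/TWAMP security mechanism only supports a pre-shared key mode, large scale deployment of O/TWAMP is hindered significantly. At the same time, recent trends point to wider IKEv2 deployment, which in turn calls for mechanisms and methods that enable tunnel end-users, as well as operators, to measure one-way and two-way network performance in a standardized manner. This document discusses the use of keys derived from an IKE SA as the shared key in O/TWAMP. If the shared key can be derived from the IKE SA, O/TWAMP can support cert-based key exchange, which would allow for more flexibility and efficiency. Such key derivation can also facilitate automatic key management.},
}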