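%% You should probably cite rfc7717 instead of this I-D.
%%
%% Reviewer notes (text outside an entry is ignored by BibTeX):
%% - This entry describes revision -04 of a work-in-progress Internet-Draft.
%%   If you rely on the key derivation it describes (an O/TWAMP shared key
%%   derived from an IKEv2 SA), check the details against rfc7717 rather than
%%   this draft revision, since draft text can change before publication.
%% - Authors use the unambiguous "Last, First" form.
%% - Only the case-sensitive tokens in the title are brace-protected, so a
%%   style may recase the remaining words.
@techreport{ietf-ippm-ipsec-04,
  author      = {Pentikousis, Kostas and Cui, Yang and Zhang, Emma},
  title       = {{IKEv2}-based Shared Secret Key for {O/TWAMP}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ippm-ipsec-04},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2014,
  month       = jul,
  day         = 22,
  pagetotal   = 12,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ippm-ipsec/04/},
  abstract    = {The O/TWAMP security mechanism requires that both the client
                 and server endpoints possess a shared secret. Since the
                 currently-standardized O/TWAMP security mechanism only
                 supports a pre-shared key mode, large scale deployment of
                 O/TWAMP is hindered significantly. At the same time, recent
                 trends point to wider IKEv2 deployment which, in turn, calls
                 for mechanisms and methods that enable tunnel end-users, as
                 well as operators, to measure one-way and two-way network
                 performance in a standardized manner. This document discusses
                 the use of keys derived from an IKEv2 SA as the shared key in
                 O/TWAMP. If the shared key can be derived from the IKEv2 SA,
                 O/TWAMP can support certificate-based key exchange, which
                 would allow for more operational flexibility and efficiency.
                 The key derivation presented in this document can also
                 facilitate automatic key management.},
}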