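% Internet-Draft, revision 05 (dated 2000-08-10), marked "Work in Progress":
% cite it as a draft, not as a published standard.
% Per the abstract, Phase 1 alone authenticates only the Edge Device; the
% remote User is authenticated by the X-Auth Exchange that follows, so the
% IKE SA is only unidirectionally authenticated until that exchange completes.
%
% Changes from the exported entry: one field per line, authors in
% "Last, First" form, and the title braced only around the acronym so a
% style can still apply its own casing.
@techreport{ietf-ipsec-isakmp-hybrid-auth-05,
  author      = {Litvin, Moshe and Shamir, Roy and Zegman, Tamir},
  title       = {A Hybrid Authentication Mode for {IKE}},
  type        = {Internet-Draft},
  number      = {draft-ietf-ipsec-isakmp-hybrid-auth-05},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2000,
  month       = aug,
  day         = 10,
  pagetotal   = 10,
  note        = {Work in Progress},
  url         = {https://datatracker.ietf.org/doc/draft-ietf-ipsec-isakmp-hybrid-auth/05/},
  abstract    = {This document describes a set of new authentication methods to be used within Phase 1 of the Internet Key Exchange (IKE). The proposed methods assume an asymmetry between the authenticating entities. One entity, typically an Edge Device (e.g. firewall), authenticates using standard public key techniques (in signature mode), while the other entity, typically a remote User, authenticates using challenge response techniques. These authentication methods are used to establish, at the end of Phase 1, an IKE SA which is unidirectionally authenticated. To make this IKE bi-directionally authenticated, this Phase 1 is immediately followed by an X-Auth Exchange {[}XAUTH{]}. The X-Auth Exchange is used to authenticate the remote User. The use of these authentication methods is referred to as Hybrid Authentication mode. This proposal is designed to provide a solution for environments where a legacy authentication system exists, yet a full public key infrastructure is not deployed.},
}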