@techreport{ietf-ipsra-pic-07,
    number =    {draft-ietf-ipsra-pic-07},
    type =      {Internet-Draft},
    institution =   {Internet Engineering Task Force},
    publisher = {Internet Engineering Task Force},
    note =      {Work in Progress},
    url =       {https://datatracker.ietf.org/doc/draft-ietf-ipsra-pic/07/},
    author =    {Dr. Bernard D. Aboba and Dr. Hugo Krawczyk and Yaron Sheffer},
    title =     {{PIC, A Pre-IKE Credential Provisioning Protocol}},
    pagetotal = 30,
    year =      2004,
    month =     aug,
    day =       24,
    abstract =  {This document presents a Pre-IKE Credential (PIC) provisioning protocol. PIC is a method to bootstrap IPsec authentication via an 'Authentication Server' (AS) and user authentication mechanisms such as RADIUS. PIC happens before IKE (the Internet Key Exchange protocol). The client machine communicates with the AS using a key exchange protocol where only the server is authenticated, and the derived keys are used to protect the user authentication. Once the user is authenticated, the client machine obtains credentials from the AS that can be later used to authenticate the client in a standard IKE exchange, with no user intervention. The proposed key exchange is based on ISAKMP (the Internet Security Association and Key Management Protocol), similar to a simplified IKE exchange. Arbitrary user authentication is supported via the use of EAP (the PPP Extensible Authentication Protocol).},
}