Technical Summary
This document creates a generic way for Internet Key
Exchange (IKEv2) to use any of the symmetric secure
password authentication methods. There are multiple
methods already specified in other documents and this
document does not add a new one. This document specifies
a common way so those methods can agree on which
method is to be used in the current connection. This
document also provides a common way to transmit
payloads specific to a secure password authentication
method between peers.
Working Group Summary
The IPsecME working group was chartered to provide
Internet Key Exchange (IKEv2) with a symmetric secure
password authentication protocol that supports the use
of low-entropy shared secrets, but which is protected
against off-line dictionary attacks without requiring
the use of certificates or Extensible Authentication
Protocol (EAP). There are multiple such methods and the
working group was supposed to pick one. Unfortunately,
the working group failed to pick one protocol and
there are multiple candidates going forward as
separate documents. As each of those documents used
a different method to negotiate the use of the method
and also used different payload formats, it is very
hard to make an implementation where several of
those systems could co-exist. This document provides
a common way for those secure password methods so they
can easily co-exist.
It should be noted that this draft was not universally loved.
During IETF LC there were a few members of the IPsecME
working group that objected to this draft. That number is on par with
the authors of the four drafts in question: this draft,
draft-harkins-ipsecme-spsk-auth, draft-shin-augmented-pake,
and draft-kuegler-ipsecme-pace-ikev2. This was curious
because this draft garnered more interest than the three
mechanism drafts.
Document Quality
This document does not specify any protocol that can
be implemented as such, but provides a common way for
secure password methods to do things in IKEv2. There
are already multiple secure password method documents
using the common way specified in this document.
Personnel
Document Shepherd: Tero Kivinen
Responsible Area Director: Sean Turner
The IANA Expert for the registries in this document
is Tero Kivinen.