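% Reviewer note: this entry cites an Internet-Draft ("Work in Progress"), not an RFC.
% Internet-Drafts expire and can be replaced or abandoned, so check the datatracker
% URL below for the document's current status before treating it as normative.
% Security context: EAP-GTC hands the user's password to the server as-is, so its
% safety rests on the IKEv2 exchange authenticating the server and encrypting the
% EAP messages; see the draft's own security analysis for details.
@techreport{sheffer-ipsecme-ikev2-gtc-02,
  author      = {Sheffer, Yaron},
  title       = {Using {EAP-GTC} for Simple User Authentication in {IKEv2}},
  type        = {Internet-Draft},
  number      = {draft-sheffer-ipsecme-ikev2-gtc-02},
  institution = {Internet Engineering Task Force},
  publisher   = {Internet Engineering Task Force},
  year        = 2010,
  month       = feb,
  day         = 27,
  pagetotal   = 9,
  url         = {https://datatracker.ietf.org/doc/draft-sheffer-ipsecme-ikev2-gtc/02/},
  note        = {Work in Progress},
  abstract    = {Despite many years of effort, simple username-password authentication is still prevalent. In many cases a password is the only credential available to the end user. IKEv2 uses EAP as a sub-protocol for user authentication. This provides a well-specified and extensible architecture. To this day EAP does not provide a simple password-based authentication method. The only existing password authentication methods either require the peer to know the password in advance (EAP-MD5), or are needlessly complex when used within IKEv2 (e.g. PEAP). This document codifies the common practice of using EAP-GTC for this type of authentication, with the goal of achieving maximum interoperability. The various security issues are extensively analyzed.},
}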