@misc{rfc4739,
    series =    {Request for Comments},
    number =    4739,
    howpublished =  {RFC 4739},
    publisher = {RFC Editor},
    doi =       {10.17487/RFC4739},
    url =       {https://www.rfc-editor.org/info/rfc4739},
    author =    {Jouni Korhonen and Pasi Eronen},
    title =     {{Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol}},
    pagetotal = 11,
    year =      2006,
    month =     nov,
    abstract =  {The Internet Key Exchange (IKEv2) protocol supports several mechanisms for authenticating the parties, including signatures with public-key certificates, shared secrets, and Extensible Authentication Protocol (EAP) methods. Currently, each endpoint uses only one of these mechanisms to authenticate itself. This document specifies an extension to IKEv2 that allows the use of multiple authentication exchanges, using either different mechanisms or the same mechanism. This extension allows, for instance, performing certificate-based authentication of the client host followed by an EAP authentication of the user. When backend authentication servers are used, they can belong to different administrative domains, such as the network access provider and the service provider. This memo defines an Experimental Protocol for the Internet community.},
}