Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
Draft of message to be sent after approval:
From: The IESG <email@example.com> To: IETF-Announce <firstname.lastname@example.org> Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org> Subject: Document Action: 'Multiple Authentication Exchanges in IKEv2' to Experimental RFC The IESG has approved the following document: - 'Multiple Authentication Exchanges in IKEv2 ' <draft-eronen-ipsec-ikev2-multiple-auth-03.txt> as an Experimental RFC This document has been reviewed in the IETF but is not the product of an IETF Working Group. The IESG contact person is Russ Housley. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-multiple-auth-03.txt
Technical Summary IKEv2 supports several mechanisms for authenticating the parties, including signatures with public-key certificates, shared secrets, and Extensible Authentication Protocol (EAP) methods. Currently, each endpoint uses only one of these mechanisms to authenticate itself. This document specifies an extension to IKEv2 that allows the use of multiple authentication exchanges, either using different mechanisms or the same mechanism. Working Group Summary This document is an individual contribution. However, there was some discussion on the IPsec mail list (from the now closed IPsec WG). The document has been stable for some time. It is also a 3GPP dependency for their "WLAN Interworking - Private Network access from WLAN 3GPP IP Access" work item. Protocol Quality This document was reviewed by Russ Housley for the IESG.