Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
RFC 6467

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>
Subject: Document Action: 'Secure Password Framework for IKEv2' to Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt)

The IESG has approved the following document:
- 'Secure Password Framework for IKEv2'
  (draft-kivinen-ipsecme-secure-password-framework-03.txt) as an
Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-secure-password-framework/


Technical Summary

   This document creates a generic way for Internet Key
   Exchange (IKEv2) to use any of the symmetric secure
   password authentication methods. There are multiple
   methods already specified in other documents and this
   document does not add new one. This document specifies
   a common way so those methods can agree on which
   method is to be used in current connection. This
   document also provides a common way to transmit secure
   password authentication method specific payloads
   between peers.

Working Group Summary

   The IPsecME working group was chartered to provide
   Internet Key Exchange (IKEv2) a symmetric secure
   password authentication protocol that supports using
   of low-entropy shared secrets, but which is protected
   against off-line dictionary attacks without requiring
   the use of certificates or Extensible Authentication
   Protocol (EAP). There are multiple of such methods and
   working group was supposed to pick one. Unfortunately
   the working group failed to get pick one protocol and
   there are multiple candidates going forward as
   separate documents. As each of those documents used
   different method to negotiate the use of the method
   and also used different payload formats it is very
   hard to try to make implementation where multiple of
   those systems could co-exists. This document provides
   a common way for those secure password methods so they
   can easily co-exist.

   It should be noted that this draft was not universally loved.
   During IETF LC there were a few members of the IPSECME
   working that objected to this draft.  That number is on par with
   the authors of the four drafts in question:  this draft,
   draft-harkins-ipsecme-spsk-auth, draft-shin-augmented-pake,
   and draft-kuegler-ipsecme-pace-ikev2.  This was curious
   because this draft garnered more interest than the three
   mechanism drafts.

Document Quality

   This document does not specify any protocol that can
   be implemented as such, but provides common way for
   secure password methods to do things in IKEv2. There
   is already multiple secure password method documents
   using the common way specified in this document.

Personnel

   Document Shepherd: Tero Kivinen
   Responsible Area Director: Sean Turner
   The IANA Expert for the registries in this document
   is Tero Kivinen.