RFC 4739

Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol, November 2006

Canonical URL:
https://www.rfc-editor.org/rfc/rfc4739.txt
File formats:
Plain TextPDF
Status:
EXPERIMENTAL
Authors:
P. Eronen
J. Korhonen
Stream:
IETF
Source:
NON WORKING GROUP

Cite this RFC: TXT  |  XML

DOI:  10.17487/RFC4739

Discuss this RFC: Send questions or comments to iesg@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF


Abstract

The Internet Key Exchange (IKEv2) protocol supports several mechanisms for authenticating the parties, including signatures with public-key certificates, shared secrets, and Extensible Authentication Protocol (EAP) methods. Currently, each endpoint uses only one of these mechanisms to authenticate itself. This document specifies an extension to IKEv2 that allows the use of multiple authentication exchanges, using either different mechanisms or the same mechanism. This extension allows, for instance, performing certificate-based authentication of the client host followed by an EAP authentication of the user. When backend authentication servers are used, they can belong to different administrative domains, such as the network access provider and the service provider. This memo defines an Experimental Protocol for the Internet community.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 4844.


Download PDF Reader