[rfc-dist] RFC 4739 on Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol

rfc-editor@rfc-editor.org rfc-editor at rfc-editor.org
Tue Nov 28 15:00:20 PST 2006


A new Request for Comments is now available in online RFC libraries.

        
        RFC 4739

        Title:      Multiple Authentication Exchanges in the 
                    Internet Key Exchange (IKEv2) Protocol 
        Author:     P. Eronen, J. Korhonen
        Status:     Experimental
        Date:       November 2006
        Mailbox:    pasi.eronen at nokia.com, 
                    jouni.korhonen at teliasonera.com
        Pages:      11
        Characters: 22704
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-eronen-ipsec-ikev2-multiple-auth-02.txt

        URL:        http://www.rfc-editor.org/rfc/rfc4739.txt

The Internet Key Exchange (IKEv2) protocol supports several
mechanisms for authenticating the parties, including signatures with
public-key certificates, shared secrets, and Extensible
Authentication Protocol (EAP) methods.  Currently, each endpoint uses
only one of these mechanisms to authenticate itself.  This document
specifies an extension to IKEv2 that allows the use of multiple
authentication exchanges, using either different mechanisms or the
same mechanism.  This extension allows, for instance, performing
certificate-based authentication of the client host followed by an
EAP authentication of the user.  When backend authentication servers
are used, they can belong to different administrative domains, such
as the network access provider and the service provider.  This memo 
defines an Experimental Protocol for the Internet community.


EXPERIMENTAL: This memo defines an Experimental Protocol for the Internet 
community. It does not specify an Internet standard of any kind. 
Discussion and suggestions for improvement are requested.  Distribution 
of this memo is unlimited.

This announcement is sent to the IETF list and the RFC-DIST list.
Requests to be added to or deleted from the IETF distribution list
should be sent to IETF-REQUEST at IETF.ORG.  Requests to be
added to or deleted from the RFC-DIST distribution list should
be sent to RFC-DIST-REQUEST at RFC-EDITOR.ORG.

Details on obtaining RFCs via FTP or EMAIL may be obtained by sending
an EMAIL message to rfc-info at RFC-EDITOR.ORG with the message body 

help: ways_to_get_rfcs. For example:

        To: rfc-info at RFC-EDITOR.ORG
        Subject: getting rfcs

        help: ways_to_get_rfcs

Requests for special distribution should be addressed to either the
author of the RFC in question, or to RFC-Manager at RFC-EDITOR.ORG.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.

Submissions for Requests for Comments should be sent to
RFC-EDITOR at RFC-EDITOR.ORG.  Please consult RFC 2223, Instructions to RFC
Authors, for further information.


The RFC Editor Team
USC/Information Sciences Institute

...




More information about the rfc-dist mailing list