[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I-D ACTION:draft-ietf-ipsec-isakmp-hybrid-auth-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Protocol Working Group of the IETF.

	Title		: A Hybrid Authentication Mode for IKE
	Author(s)	: M. Litvin, R. Shamir, T. Zegman
	Filename	: draft-ietf-ipsec-isakmp-hybrid-auth-05.txt
	Pages		: 10
	Date		: 10-Aug-00
This document describes a set of new authentication methods to be
used within Phase 1 of the Internet Key Exchange (IKE). The proposed
methods assume an asymmetry between the authenticating entities. One
entity, typically an Edge Device (e.g. firewall), authenticates using
standard public key techniques (in signature mode), while the other
entity, typically a remote User, authenticates using challenge
response techniques. These authentication methods are used to
establish, at the end of Phase 1, an IKE SA which is unidirectionally
authenticated. To make this IKE bi-directionally authenticated, this
Phase 1 is immediately followed by an X-Auth Exchange [XAUTH]. The
X-Auth Exchange is used to authenticate the remote User. The use of
these authentication methods is referred to as Hybrid Authentication
This proposal is designed to provide a solution for environments
where a legacy authentication system exists, yet a full public key
infrastructure is not deployed.

A URL for this Internet-Draft is:

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsec-isakmp-hybrid-auth-05.txt".

A list of Internet-Drafts directories can be found in
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Internet-Drafts can also be obtained by e-mail.

Send a message to:
In the body type:
	"FILE /internet-drafts/draft-ietf-ipsec-isakmp-hybrid-auth-05.txt".
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the

No recognizable part in multipart/alternative.