[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
EAP without public key authentication
Hi,
The current IKEv2 draft (-12) specifies that EAP must be used
together with public key signature based responder authentication.
To avoid delaying the IKEv2 base spec any further, I and Hannes wrote
a separate draft outlining how EAP methods that provide mutual
authentication and key agreement could be used to provide extensible
responder authentication for IKEv2 based on other methods than
public-key signatures, and what security implications this has.
This is meant as a starting point for discussion, so comments
are very welcome!
http://www.ietf.org/internet-drafts/draft-eronen-ipsec-ikev2-eap-auth-00.txt
Best regards,
Pasi