[IPsec] Proposed work item: EAP-only authentication in IKEv2

Yaron Sheffer <yaronf@checkpoint.com> Sun, 29 November 2009 17:22 UTC

This draft proposes an IKEv2 extension to allow mutual EAP-based authentication in IKEv2, eliminating the need for one of the peers to present a certificate. This applies to a small number of key-generating EAP methods that allow mutual authentication.
 
Proposed starting point: http://tools.ietf.org/id/draft-eronen-ipsec-ikev2-eap-auth-07.txt.
 
Please reply to the list:
 
- If this proposal is accepted as a WG work item, are you committing to review multiple versions of the draft?
- Are you willing to contribute text to the draft?
- Would you like to co-author it?
 
Please also reply to the list if:
 
- You believe this is NOT a reasonable activity for the WG to spend time on.
 
If this is the case, please explain your position. Do not explore the fine technical details (which will change anyway, once the WG gets hold of the draft); instead explain why this is uninteresting for the WG or for the industry at large. Also, please mark the title clearly (e.g. "DES40-export in IPsec - NO!").