[IPsec] Fwd: Document Action: 'Secure Password Framework for IKEv2' to Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt)
Paul Hoffman <paul.hoffman@vpnc.org> Thu, 03 November 2011 14:19 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 452D31F0C65 for <ipsec@ietfa.amsl.com>; Thu, 3 Nov 2011 07:19:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.589
X-Spam-Level:
X-Spam-Status: No, score=-102.589 tagged_above=-999 required=5 tests=[AWL=0.010, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id V-JJC56zy-hi for <ipsec@ietfa.amsl.com>; Thu, 3 Nov 2011 07:19:01 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id 9E9E81F0C5A for <ipsec@ietf.org>; Thu, 3 Nov 2011 07:19:01 -0700 (PDT)
Received: from [10.20.30.100] (50-0-66-4.dsl.dynamic.fusionbroadband.com [50.0.66.4]) (authenticated bits=0) by hoffman.proper.com (8.14.4/8.14.3) with ESMTP id pA3EJ0Ml086932 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <ipsec@ietf.org>; Thu, 3 Nov 2011 07:19:01 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
From: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 03 Nov 2011 07:19:01 -0700
References: <20111101132052.3701.7511.idtracker@ietfa.amsl.com>
To: IPsecme WG <ipsec@ietf.org>
Message-Id: <B3ED775B-CB05-45C9-8524-DC2DD961FB55@vpnc.org>
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
Subject: [IPsec] Fwd: Document Action: 'Secure Password Framework for IKEv2' to Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Nov 2011 14:19:02 -0000
Begin forwarded message: > From: The IESG <iesg-secretary@ietf.org> > Subject: Document Action: 'Secure Password Framework for IKEv2' to Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt) > Date: November 1, 2011 6:20:52 AM PDT > To: IETF-Announce <ietf-announce@ietf.org> > Cc: RFC Editor <rfc-editor@rfc-editor.org> > > The IESG has approved the following document: > - 'Secure Password Framework for IKEv2' > (draft-kivinen-ipsecme-secure-password-framework-03.txt) as an > Informational RFC > > This document has been reviewed in the IETF but is not the product of an > IETF Working Group. > > The IESG contact person is Sean Turner. > > A URL of this Internet Draft is: > http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-secure-password-framework/ > > > > > Technical Summary > > This document creates a generic way for Internet Key > Exchange (IKEv2) to use any of the symmetric secure > password authentication methods. There are multiple > methods already specified in other documents and this > document does not add new one. This document specifies > a common way so those methods can agree on which > method is to be used in current connection. This > document also provides a common way to transmit secure > password authentication method specific payloads > between peers. > > Working Group Summary > > The IPsecME working group was chartered to provide > Internet Key Exchange (IKEv2) a symmetric secure > password authentication protocol that supports using > of low-entropy shared secrets, but which is protected > against off-line dictionary attacks without requiring > the use of certificates or Extensible Authentication > Protocol (EAP). There are multiple of such methods and > working group was supposed to pick one. Unfortunately > the working group failed to get pick one protocol and > there are multiple candidates going forward as > separate documents. As each of those documents used > different method to negotiate the use of the method > and also used different payload formats it is very > hard to try to make implementation where multiple of > those systems could co-exists. This document provides > a common way for those secure password methods so they > can easily co-exist. > > It should be noted that this draft was not universally loved. > During IETF LC there were a few members of the IPSECME > working that objected to this draft. That number is on par with > the authors of the four drafts in question: this draft, > draft-harkins-ipsecme-spsk-auth, draft-shin-augmented-pake, > and draft-kuegler-ipsecme-pace-ikev2. This was curious > because this draft garnered more interest than the three > mechanism drafts. > > Document Quality > > This document does not specify any protocol that can > be implemented as such, but provides common way for > secure password methods to do things in IKEv2. There > is already multiple secure password method documents > using the common way specified in this document. > > Personnel > > Document Shepherd: Tero Kivinen > Responsible Area Director: Sean Turner > The IANA Expert for the registries in this document > is Tero Kivinen. > > > > _______________________________________________ > IETF-Announce mailing list > IETF-Announce@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-announce
- [IPsec] Fwd: Document Action: 'Secure Password Fr… Paul Hoffman