IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)
draft-harkins-ipsra-crack-00

Document Type Expired Internet-Draft (individual)
Authors Dan Harkins  , Derrell Piper 
Last updated 2000-08-25
Stream (None)
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-harkins-ipsra-crack-00.txt

Abstract

This memo describes a new IKE authentication method ([HC98]) which provides for mutual authentication when one side is using a legacy- based secret-key authentication technique such as RADIUS, SecurID, or OTP and the other side is using public-key authentication, with optional digital certificates. The generic protocol described herein is an open-ended IKE phase 1 exchange ([HC98]). The result of this exchange is a mutually authenticated IKE security association ([HC98]). The keys that are derived from this SA are also authenticated and thereby convey this state to any SA's created from it for any other security service, such as IPsec [Pip98].

Authors

Dan Harkins (dharkins@lounge.org)
Derrell Piper (ddp@network-alchemy.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)