IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)
draft-harkins-ipsra-crack-00
Document | Type | Expired Internet-Draft (individual) | |
---|---|---|---|
Authors | Dan Harkins , Derrell Piper | ||
Last updated | 2000-08-25 | ||
Stream | (None) | ||
Intended RFC status | (None) | ||
Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
Stream | Stream state | (No stream defined) | |
Consensus Boilerplate | Unknown | ||
RFC Editor Note | (None) | ||
IESG | IESG state | Expired | |
Telechat date | |||
Responsible AD | (None) | ||
Send notices to | (None) |
https://www.ietf.org/archive/id/draft-harkins-ipsra-crack-00.txt
Abstract
This memo describes a new IKE authentication method ([HC98]) which provides for mutual authentication when one side is using a legacy- based secret-key authentication technique such as RADIUS, SecurID, or OTP and the other side is using public-key authentication, with optional digital certificates. The generic protocol described herein is an open-ended IKE phase 1 exchange ([HC98]). The result of this exchange is a mutually authenticated IKE security association ([HC98]). The keys that are derived from this SA are also authenticated and thereby convey this state to any SA's created from it for any other security service, such as IPsec [Pip98].
Authors
Dan Harkins
(dharkins@lounge.org)
Derrell Piper
(ddp@network-alchemy.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)