IKE Challenge/Response for Authenticated Cryptographic Keys (Revised)
draft-harkins-ipsra-crack-00
| Document | Type | Expired Internet-Draft (individual) | |
|---|---|---|---|
| Authors | Dan Harkins , Derrell Piper | ||
| Last updated | 2000-08-25 | ||
| Stream | (None) | ||
| Intended RFC status | (None) | ||
| Formats |
Expired & archived
pdf
htmlized (tools)
htmlized
bibtex
|
||
| Stream | Stream state | (No stream defined) | |
| Consensus Boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | Expired | |
| Telechat date | |||
| Responsible AD | (None) | ||
| Send notices to | (None) | ||
https://www.ietf.org/archive/id/draft-harkins-ipsra-crack-00.txt
Abstract
This memo describes a new IKE authentication method ([HC98]) which provides for mutual authentication when one side is using a legacy- based secret-key authentication technique such as RADIUS, SecurID, or OTP and the other side is using public-key authentication, with optional digital certificates. The generic protocol described herein is an open-ended IKE phase 1 exchange ([HC98]). The result of this exchange is a mutually authenticated IKE security association ([HC98]). The keys that are derived from this SA are also authenticated and thereby convey this state to any SA's created from it for any other security service, such as IPsec [Pip98].
Authors
Dan Harkins
(dharkins@lounge.org)
Derrell Piper
(ddp@network-alchemy.com)
(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)