Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: RFC Editor <email@example.com>
Subject: Document Action: 'Secure Password Framework for IKEv2' to Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt)

The IESG has approved the following document:
- 'Secure Password Framework for IKEv2'
  (draft-kivinen-ipsecme-secure-password-framework-03.txt) as an Informational RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-secure-password-framework/

Technical Summary

This document creates a generic way for Internet Key Exchange (IKEv2) to use any of the symmetric secure password authentication methods. There are multiple methods already specified in other documents, and this document does not add a new one. This document specifies a common way for those methods to agree on which method is to be used in the current connection. This document also provides a common way to transmit secure password authentication method specific payloads between peers.

Working Group Summary

The IPsecME working group was chartered to provide Internet Key Exchange (IKEv2) with a symmetric secure password authentication protocol that supports the use of low-entropy shared secrets, but which is protected against off-line dictionary attacks without requiring the use of certificates or the Extensible Authentication Protocol (EAP). There are multiple such methods, and the working group was supposed to pick one. Unfortunately, the working group failed to pick one protocol, and there are multiple candidates going forward as separate documents. As each of those documents used a different method to negotiate the use of the method and also used different payload formats, it is very hard to make an implementation where multiple of those systems could co-exist. This document provides a common way for those secure password methods so they can easily co-exist.

It should be noted that this draft was not universally loved. During IETF LC there were a few members of the IPSECME working group that objected to this draft. That number is on par with the authors of the four drafts in question: this draft, draft-harkins-ipsecme-spsk-auth, draft-shin-augmented-pake, and draft-kuegler-ipsecme-pace-ikev2. This was curious because this draft garnered more interest than the three mechanism drafts.

Document Quality

This document does not specify any protocol that can be implemented as such, but provides a common way for secure password methods to do things in IKEv2. There are already multiple secure password method documents using the common way specified in this document.

Personnel

Document Shepherd: Tero Kivinen
Responsible Area Director: Sean Turner
The IANA Expert for the registries in this document is Tero Kivinen.