Hi,

I have posted this draft as an individual, informational draft. This issue has been discussed on this list a few years ago, but it still bears some more analysis.

Thanks,

    Yaron

-------- Original Message -------- Subject: Date: From: Reply-To: To:

I-D Action:draft-sheffer-ikev2-gtc-00.txt

Sun, 6 Jul 2008 09:30:01 -0700 (PDT)

Internet-Drafts <at> ietf.org

internet-drafts <at> ietf.org

i-d-announce <at> ietf.org

A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Using EAP-GTC for Simple User Authentication in IKEv2 Author(s) : Y. Sheffer Filename : draft-sheffer-ikev2-gtc-00.txt Pages : 9 Date : 2008-07-06 Despite many years of effort, simple username-password authentication is still prevalent. In many cases a password is the only credential available to the end user. IKEv2 uses EAP as a sub-protocol for user authentication. This provides a well-specified and extensible architecture. To this day EAP does not provide a simple password- based authentication method. The only existing password authentication methods either require the peer to know the password in advance (EAP-MD5), or are needlessly complex when used within IKEv2 (e.g. PEAP). This document codifies the common practice of using EAP-GTC for this type of authentication, with the goal of achieving maximum interoperability. The various security issues are extensively analyzed. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-sheffer-ikev2-gtc-00.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft.

_______________________________________________
IPsec mailing list
IPsec <at> ietf.org
https://www.ietf.org/mailman/listinfo/ipsec