{"draft":"draft-eronen-ipsec-ikev2-multiple-auth-02","doc_id":"RFC4739","title":"Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol","authors":["P. Eronen","J. Korhonen"],"format":["ASCII","HTML"],"page_count":"11","pub_status":"EXPERIMENTAL","status":"EXPERIMENTAL","source":"IETF - NON WORKING GROUP","abstract":"The Internet Key Exchange (IKEv2) protocol supports several\r\nmechanisms for authenticating the parties, including signatures with\r\npublic-key certificates, shared secrets, and Extensible\r\nAuthentication Protocol (EAP) methods.  Currently, each endpoint uses\r\nonly one of these mechanisms to authenticate itself.  This document\r\nspecifies an extension to IKEv2 that allows the use of multiple\r\nauthentication exchanges, using either different mechanisms or the\r\nsame mechanism.  This extension allows, for instance, performing\r\ncertificate-based authentication of the client host followed by an\r\nEAP authentication of the user.  When backend authentication servers\r\nare used, they can belong to different administrative domains, such\r\nas the network access provider and the service provider.  This memo defines an Experimental Protocol for the Internet community.","pub_date":"November 2006","keywords":["[--------|e]"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC4739","errata_url":null}