An Extension for EAP-Only Authentication in IKEv2
RFC 5998, “An Extension for EAP-Only Authentication in IKEv2”, is a Proposed Standard document published in September 2010 by P. Eronen, H. Tschofenig, and Y. Sheffer. It updates RFC 5996. The canonical text is published by the RFC Editor.
Abstract
IKEv2 specifies that Extensible Authentication Protocol (EAP) authentication must be used together with responder authentication based on public key signatures. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards.
This document specifies how EAP methods that provide mutual authentication and key agreement can be used to provide extensible responder authentication for IKEv2 based on methods other than public key signatures. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 5998 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 5997 Use of Status-Server Packets in the Remote Authentication Dial In User Service Protocol
- RFC 5996 Internet Key Exchange Protocol Version 2
- RFC 5995 Using POST to Add Members to Web Distributed Authoring and Versioning Collections
- RFC 6001 Generalized MPLS Protocol Extensions for Multi-Layer and Multi-Region Networks
- RFC 5994 Application of Ethernet Pseudowires to MPLS Transport Networks
- RFC 6002 Generalized MPLS Data Channel Switching Capable and Channel Set Label Extensions
- RFC 5993 RTP Payload Format for Global System for Mobile Communications Half Rate
- RFC 6003 Ethernet Traffic Parameters