Signature Authentication in the Internet Key Exchange Version 2
RFC 7427, “Signature Authentication in the Internet Key Exchange Version 2”, is a Proposed Standard document published in January 2015 by T. Kivinen and J. Snyder. It updates RFC 7296. The canonical text is published by the RFC Editor.
Abstract
The Internet Key Exchange Version 2 (IKEv2) protocol has limited support for the Elliptic Curve Digital Signature Algorithm (ECDSA). The current version only includes support for three Elliptic Curve groups, and there is a fixed hash algorithm tied to each group. This document generalizes IKEv2 signature support to allow any signature method supported by PKIX and also adds signature hash algorithm negotiation. This is a generic mechanism and is not limited to ECDSA; it can also be used with other signature algorithms.
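As an added example, not code from RFC 7427 or from any IKEv2 implementation, the Python below encodes and decodes the two wire structures the abstract alludes to: the SIGNATURE_HASH_ALGORITHMS notification (Notify Message Type 16431) each side sends in IKE_SA_INIT to announce the hash algorithms it accepts, and the AUTH payload data for the new Auth Method 14, "Digital Signature", which is a one-octet length followed by the DER-encoded AlgorithmIdentifier and then the raw signature value. The constant values (Notify type, Auth Method number, hash identifiers 1 to 4, and the two AlgorithmIdentifier prefixes from the RFC's Appendix A) are taken from the RFC and its IANA registries; the function names, the `ALG_HASH` mapping and the 64-byte signature value are this example's own assumptions, and the signature bytes are a constructed placeholder rather than a real signature.

```python
# Added example: wire encoding of RFC 7427 structures (not an RFC or product code).
import struct

# Hash algorithm identifiers from the IANA registry created by RFC 7427.
HASH_ALGS = {1: "SHA1", 2: "SHA2-256", 3: "SHA2-384", 4: "SHA2-512"}
NOTIFY_SIGNATURE_HASH_ALGORITHMS = 16431   # Notify Message Type (status)
AUTH_METHOD_DIGITAL_SIGNATURE = 14         # Auth Method added by RFC 7427

# DER AlgorithmIdentifier prefixes listed in RFC 7427 Appendix A.
ALG_ID = {
    "sha256WithRSAEncryption": bytes.fromhex("300d06092a864886f70d01010b0500"),
    "ecdsa-with-SHA256": bytes.fromhex("300a06082a8648ce3d040302"),
}
# Assumed mapping (example's own): which negotiated hash each identifier uses.
ALG_HASH = {"sha256WithRSAEncryption": 2, "ecdsa-with-SHA256": 2}


def encode_hash_notify(hash_ids, next_payload=0):
    """Build a full IKEv2 Notify payload carrying SIGNATURE_HASH_ALGORITHMS.
    Data is a list of 16-bit hash IDs; Protocol ID and SPI Size are zero."""
    data = b"".join(struct.pack("!H", h) for h in hash_ids)
    length = 8 + len(data)  # 4-byte generic header + proto, SPI size, type
    return struct.pack("!BBHBBH", next_payload, 0, length, 0, 0,
                       NOTIFY_SIGNATURE_HASH_ALGORITHMS) + data


def decode_hash_notify(payload):
    """Return the set of hash IDs a peer advertised, validating the framing."""
    if len(payload) < 8:
        raise ValueError("truncated notify payload")
    _np, _cr, length, proto, spi_size, ntype = struct.unpack("!BBHBBH", payload[:8])
    if length != len(payload) or proto != 0 or spi_size != 0:
        raise ValueError("malformed notify header")
    if ntype != NOTIFY_SIGNATURE_HASH_ALGORITHMS:
        raise ValueError("not a SIGNATURE_HASH_ALGORITHMS notify")
    data = payload[8:]
    if len(data) % 2:
        raise ValueError("hash list must be a whole number of 16-bit values")
    return {h for (h,) in struct.iter_unpack("!H", data)}


def choose_hash(ours, peers):
    """Pick the strongest hash both sides advertised; refuse SHA1 by policy.
    Higher registry IDs (2..4) are stronger, so the max common ID wins."""
    common = (set(ours) & set(peers)) - {1}
    if not common:
        raise ValueError("no acceptable common hash algorithm")
    return max(common)


def encode_auth_data(alg_name, signature):
    """AUTH data for Auth Method 14: ASN.1 length octet + AlgorithmIdentifier + sig."""
    alg = ALG_ID[alg_name]
    if len(alg) > 255:
        raise ValueError("AlgorithmIdentifier too long for one-octet length")
    return bytes([len(alg)]) + alg + signature


def decode_auth_data(data):
    """Split AUTH data back into (algorithm name, signature value)."""
    if not data:
        raise ValueError("empty AUTH data")
    n = data[0]
    alg = data[1:1 + n]
    if len(alg) != n:
        raise ValueError("truncated AlgorithmIdentifier")
    for name, der in ALG_ID.items():
        if der == alg:
            return name, data[1 + n:]
    raise ValueError("unrecognised AlgorithmIdentifier")


def encode_auth_payload(alg_name, signature, next_payload=0):
    """Full AUTH payload: generic header, Auth Method, 3 reserved octets, data."""
    data = encode_auth_data(alg_name, signature)
    return struct.pack("!BBHB3x", next_payload, 0, 8 + len(data),
                       AUTH_METHOD_DIGITAL_SIGNATURE) + data


def decode_auth_payload(payload, advertised_hashes):
    """Parse an AUTH payload and reject a hash we never offered (downgrade guard)."""
    if len(payload) < 8:
        raise ValueError("truncated AUTH payload")
    _np, _cr, length, method = struct.unpack("!BBHB3x", payload[:8])
    if length != len(payload):
        raise ValueError("AUTH payload length mismatch")
    if method != AUTH_METHOD_DIGITAL_SIGNATURE:
        raise ValueError("not a Digital Signature AUTH payload")
    alg_name, sig = decode_auth_data(payload[8:])
    if ALG_HASH[alg_name] not in advertised_hashes:
        raise ValueError("peer signed with a hash we did not advertise")
    return alg_name, sig


if __name__ == "__main__":
    notify = encode_hash_notify([2, 3, 4])
    print("notify:", notify.hex())
    print("chosen hash:", HASH_ALGS[choose_hash([1, 2, 3], decode_hash_notify(notify))])
    sig = b"\x11" * 64  # constructed placeholder, not a real ECDSA signature
    auth = encode_auth_payload("ecdsa-with-SHA256", sig)
    print("auth:", decode_auth_payload(auth, {2, 3, 4})[0])
```

The last check in `decode_auth_payload` is the one that matters in practice: the hash named inside the received AlgorithmIdentifier must be one of the algorithms this side announced in its own SIGNATURE_HASH_ALGORITHMS notify, otherwise a peer could present a signature over a weaker hash than the negotiation allowed.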
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7427 is hosted at rfc-editor.org. Available in TXT and HTML.