IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol and Two-Way Active Measurement Protocol
RFC 7717, “IKEv2-Derived Shared Secret Key for the One-Way Active Measurement Protocol and Two-Way Active Measurement Protocol”, is a Proposed Standard document published in December 2015 by K. Pentikousis, E. Zhang, and Y. Cui. It updates RFC 4656 and RFC 5357. The canonical text is published by the RFC Editor.
Abstract
The One-Way Active Measurement Protocol (OWAMP) and Two-Way Active Measurement Protocol (TWAMP) security mechanisms require that both the client and server endpoints possess a shared secret. This document describes the use of keys derived from an IKEv2 security association (SA) as the shared key in OWAMP or TWAMP. If the shared key can be derived from the IKEv2 SA, OWAMP or TWAMP can support certificate-based key exchange; this would allow for more operational flexibility and efficiency. The key derivation presented in this document can also facilitate automatic key management.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7717 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 7716 Global Table Multicast with BGP Multicast VPN Procedures
- RFC 7718 Registries for the One-Way Active Measurement Protocol
- RFC 7719 DNS Terminology
- RFC 7714 AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol
- RFC 7720 DNS Root Name Service Protocol and Deployment Requirements
- RFC 7713 Congestion Exposure Concepts, Abstract Mechanism, and Requirements
- RFC 7712 Domain Name Associations in the Extensible Messaging and Presence Protocol
- RFC 7722 Multi-Topology Extension for the Optimized Link State Routing Protocol Version 2