Begin forwarded message: > From: The IESG <[email protected]> > Subject: Document Action: 'Secure Password Framework for IKEv2' to > Informational RFC (draft-kivinen-ipsecme-secure-password-framework-03.txt) > Date: November 1, 2011 6:20:52 AM PDT > To: IETF-Announce <[email protected]> > Cc: RFC Editor <[email protected]> > > The IESG has approved the following document: > - 'Secure Password Framework for IKEv2' > (draft-kivinen-ipsecme-secure-password-framework-03.txt) as an > Informational RFC > > This document has been reviewed in the IETF but is not the product of an > IETF Working Group. > > The IESG contact person is Sean Turner. > > A URL of this Internet Draft is: > http://datatracker.ietf.org/doc/draft-kivinen-ipsecme-secure-password-framework/ > > > > > Technical Summary > > This document creates a generic way for Internet Key > Exchange (IKEv2) to use any of the symmetric secure > password authentication methods. There are multiple > methods already specified in other documents and this > document does not add new one. This document specifies > a common way so those methods can agree on which > method is to be used in current connection. This > document also provides a common way to transmit secure > password authentication method specific payloads > between peers. > > Working Group Summary > > The IPsecME working group was chartered to provide > Internet Key Exchange (IKEv2) a symmetric secure > password authentication protocol that supports using > of low-entropy shared secrets, but which is protected > against off-line dictionary attacks without requiring > the use of certificates or Extensible Authentication > Protocol (EAP). There are multiple of such methods and > working group was supposed to pick one. Unfortunately > the working group failed to get pick one protocol and > there are multiple candidates going forward as > separate documents. As each of those documents used > different method to negotiate the use of the method > and also used different payload formats it is very > hard to try to make implementation where multiple of > those systems could co-exists. This document provides > a common way for those secure password methods so they > can easily co-exist. > > It should be noted that this draft was not universally loved. > During IETF LC there were a few members of the IPSECME > working that objected to this draft. That number is on par with > the authors of the four drafts in question: this draft, > draft-harkins-ipsecme-spsk-auth, draft-shin-augmented-pake, > and draft-kuegler-ipsecme-pace-ikev2. This was curious > because this draft garnered more interest than the three > mechanism drafts. > > Document Quality > > This document does not specify any protocol that can > be implemented as such, but provides common way for > secure password methods to do things in IKEv2. There > is already multiple secure password method documents > using the common way specified in this document. > > Personnel > > Document Shepherd: Tero Kivinen > Responsible Area Director: Sean Turner > The IANA Expert for the registries in this document > is Tero Kivinen. > > > > _______________________________________________ > IETF-Announce mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/ietf-announce
_______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
