Hi, To my knowledge, each EAP method has client and server implementation.
Suppose if there are two gateways: gw1 and gw2, gw1 has EAP client implementation and gw2 has EAP server implementation. Irrespective of IKEv2 acting as initiator or responder, can gw1 act as only EAP client and gw2 act as only EAP server. With this posted draft, is it possible to achieve this functionality. Thanks Jyothi -----Original Message----- From: ipsec-boun...@ietf.org [mailto:ipsec-boun...@ietf.org] On Behalf Of internet-dra...@ietf.org Sent: Tuesday, June 15, 2010 12:45 AM To: i-d-annou...@ietf.org Cc: ipsec@ietf.org Subject: [IPsec] I-D Action:draft-ietf-ipsecme-eap-mutual-04.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the IP Security Maintenance and Extensions Working Group of the IETF. Title : An Extension for EAP-Only Authentication in IKEv2 Author(s) : P. Eronen, et al. Filename : draft-ietf-ipsecme-eap-mutual-04.txt Pages : 15 Date : 2010-06-14 IKEv2 specifies that EAP authentication must be used together with public key signature based responder authentication. This is necessary with old EAP methods that provide only unilateral authentication using, e.g., one-time passwords or token cards. This document specifies how EAP methods that provide mutual authentication and key agreement can be used to provide extensible responder authentication for IKEv2 based on methods other than public key signatures. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsecme-eap-mutual-04.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ Below is the data which will enable a MIME compliant mail reader implementation to automatically retrieve the ASCII version of the Internet-Draft. _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
