Hi, I've published a new draft that allows peers to announce their supported authentication methods during IKE SA establishment. This addresses a potential problem of selecting a wrong authentication method (unsupported by the peer) when multiple of them can be used. This problem is in the ipsecme charter and I believe the draft can be used as a starting point for solving this problem.
Reviews and comments are very welcome. Regards, Valery. -----Original Message----- From: internet-dra...@ietf.org [mailto:internet-dra...@ietf.org] Sent: Friday, March 06, 2020 9:17 AM To: Valery Smyslov Subject: New Version Notification for draft-smyslov-ipsecme-ikev2-auth-announce-00.txt A new version of I-D, draft-smyslov-ipsecme-ikev2-auth-announce-00.txt has been successfully submitted by Valery Smyslov and posted to the IETF repository. Name: draft-smyslov-ipsecme-ikev2-auth-announce Revision: 00 Title: Announcing Supported Authenticating Methods in IKEv2 Document date: 2020-03-06 Group: Individual Submission Pages: 9 URL: https://www.ietf.org/internet-drafts/draft-smyslov-ipsecme-ikev2-auth-announce-00.txt Status: https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-auth-announce/ Htmlized: https://tools.ietf.org/html/draft-smyslov-ipsecme-ikev2-auth-announce-00 Htmlized: https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-auth-announce Abstract: This specification defines a mechanism that allows the Internet Key Exchange version 2 (IKEv2) implementations to indicate the list of supported authenticated methods to their peers while establishing IKEv2 Security Association (SA). This mechanism improves interoperability when IKEv2 partners are configured with multiple different credentials to authenticate each other. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat _______________________________________________ IPsec mailing list IPsec@ietf.org https://www.ietf.org/mailman/listinfo/ipsec
