Yaron Sheffer wrote:
This draft proposes an IKEv2 extension to allow mutual EAP-based authentication
in IKEv2, eliminating the need for one of the peers to present a certificate.
This applies to a small number of key-generating EAP methods that allow mutual
authentication.
Proposed starting point: http://tools.ietf.org/id/draft-eronen-ipsec-ikev2-eap-auth-07.txt.
Please reply to the list:
I believe that this item is a lower priority than SPSK.
I would like to find a way to find a compromise, but recent discussion
suggests to me that it isn't possible. Those who want an EAP method can
do that work in EMU.
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
