Hello,

SSH NQX implements RFC 6023 as an optimization to separate IPsec SA key material from IKE SA key material instead of performing an immediate rekey after creating the initial IKE SA.

Tero Mononen <[email protected]> +358 40 541 2580
Principal Engineer, Cryptography and Protocols, SSH Communications Security Oyj


On 07/11/2025 18:45, Daniel Van Geest wrote:

ANSSI's IPSEC DR profile requires RFC 6023: https://cyber.gouv.fr/publications/corpus-documentaire-ipsec-dr-destination-des-industriels-version-10

On 2025-11-07 10:08 a.m., Tero Kivinen wrote:
Here is the list of experimental RFCs I promised to send to this list:

Experimental RFCs:

   * Repeated Authentication in IKEv2 RFC 4478
   * Multiple Authentication Exchanges in the IKEv2 RFC 4739
   * IPv6 Configuration in IKEv2 RFC 5739
   * A Childless Initiation of the IKEv2 SA RFC 6023
   * An IKEv2 Extension to Support EAP Re-authentication
     Protocol (ERP) RFC 6867

The question is that if implementations are using any of those, then
we might want to think whether we should update them from experimental
to something else. On the other hand if nobody has ever implemented
them and do not see any use for them, perhaps we should consider
marking them as failed experiment.

In addition to those, we have password authentication protocols:

   * Secure Pre-Shared Key (PSK) Authentication for the IKE RFC 6617
   * Efficient Augmented Password-Only Authentication and Key
     Exchange for IKEv2 RFC 6628
   * Password Authenticated Connection Establishment with the
     IKEv2 RFC 6631

The actual framework for those is informational, as it does not
provide protocol, but we could not agree any of those password
authentication methods to be "standard" so all of them are
experimental. If there are implementations of those out, then please
indicate so.

_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
