Hi, we implemented RFC 6023 and it is really useful in some cases. We also implemented RFC 4739.
> Here is the list of experimental RFCs I promised to send to this list:
>
> Experimental RFCs:
>
> * Repeated Authentication in IKEv2 RFC 4478
> * Multiple Authentication Exchanges in the IKEv2 RFC 4739
> * IPv6 Configuration in IKEv2 RFC 5739
> * A Childless Initiation of the IKEv2 SA RFC 6023
> * An IKEv2 Extension to Support EAP Re-authentication
>   Protocol (ERP) RFC 6867
>
> The question is that if implementations are using any of those, then
> we might want to think whether we should update them from experimental
> to something else. On the other hand if nobody has ever implemented
> them and do not see any use for them, perhaps we should consider
> marking them as failed experiment.
>
> In addition to those, we have password authentication protocols:
>
> * Secure Pre-Shared Key (PSK) Authentication for the IKE RFC 6617
> * Efficient Augmented Password-Only Authentication and Key
>   Exchange for IKEv2 RFC 6628
> * Password Authenticated Connection Establishment with the
>   IKEv2 RFC 6631
>
> The actual framework for those is informational, as it does not
> provide protocol, but we could not agree any of those password
> authentication methods to be "standard" so all of them are
> experimental. If there are implementations of those out, then please
> indicate so.

I disagree here. RFC 6467 should also be included into this list. Despite that it doesn't define any concrete PAKE, it provides a foundation for them, and in fact is normatively referenced by RFC 6617 (informatively by the two other, but this looks like their mistake). And it describes a protocol, depicting message exchange and a way to negotiate PAKE. It is a protocol in the same sense as RFC 9242, which also doesn't define the semantics of its messages.

Thus, I think it should be included in the list of candidates for promotion. And we did implement it (but none of the PAKEs listed above).

Regards,
Valery.

> --
> [email protected]
>
> _______________________________________________
> IPsec mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
