On 07.11.25 16:08, Tero Kivinen wrote: > Here is the list of experimental RFCs I promised to send to this list: > > Experimental RFCs: > > * Repeated Authentication in IKEv2 RFC 4478 > * Multiple Authentication Exchanges in the IKEv2 RFC 4739 > * IPv6 Configuration in IKEv2 RFC 5739 > * A Childless Initiation of the IKEv2 SA RFC 6023 > * An IKEv2 Extension to Support EAP Re-authentication > Protocol (ERP) RFC 6867 > > The question is that if implementations are using any of those, then > we might want to think whether we should update them from experimental > to someting else. On the other hand if nobody has ever implemented > them and do not see any use for them, perhaps we should consider > marking them as failed experiment.
strongSwan implements RFCs 4478, 4739 and 6023. > In addition to those, we have password authentication protocols: > > * Secure Pre-Shared Key (PSK) Authentication for the IKE RFC 6617 > * Efficient Augmented Password-Only Authentication and Key > Exchange for IKEv2 RFC 6628 > * Password Authenticated Connection Establishment with the > IKEv2 RFC 6631 > > The actual framework for those is informational, as it does not > provide protocol, but we could not agree any of those password > authentication methods to be "standard" so all of them are > experimental. If there are implementations of those out, then please > indicate so. Twelve years ago we had two students work on implementing RFCs 6467 and 6631. But we never cleaned up that prototypical code because it required a significant effort and there was not much interest around it. So we currently don't have support for any of these. Regards, Tobias _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
