I-D Action:draft-padmakumar-ikev2-redirect-and-auth-offload-01.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title           : IKEv2 Redirect and Authentication Offload
	Author(s)       : A. Padmakumar, et al.
	Filename        : draft-padmakumar-ikev2-redirect-and-auth-offload-01.txt
	Pages           : 17
	Date            : 2009-07-27

IKEv2 supports multiple authentication mechanisms like public key
signatures, shared secrets and EAP.  EAP based authentication
requires the server to maintain information about the client until
EAP completes.  Public key based authentication mechanisms are highly
computationally intensive and demand server CPU resources.

Redirect Mechanism for IKEv2 proposes a mechanism for IKEv2 that
enables a VPN gateway to redirect the VPN client to another VPN
gateway, for example, based on the load condition.

The redirect mechanism can also be used to redirect a client to
another router (trust anchor) to do mutual authentication on behalf
of the server.  This redirection happens during the IKE_SA_INIT and
the server does not maintain any information about the redirected
client.  After mutual authentication, the trust anchor can redirect
the client back to the server with an Access Token which can be used
as a dynamic pre-shared key between the server and client for
password based IKE_AUTH exchange.  The mechanism described here
allows servers to compute the same pre-shared key dynamically,
without contacting trust anchors, based on the information provided
by the client during IKE_AUTH exchange.  Such a mechanism is useful
especially for low power devices like handsets.  For example, a
mobile node can redirect such authentications to its home agent.
This proposal explains a mechanism to offload such verifications to a
set of less critical routers or to a service provider who offers
trust as a service.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-padmakumar-ikev2-redirect-and-auth-offload-01.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-padmakumar-ikev2-redirect-and-auth-offload-01.txt>
_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
