[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ipsec] FW: I-D ACTION:draft-friedman-ike-short-term-certs-00.txt

On Wed, Nov 29, 2006 at 07:16:29PM +0200, Arik Friedman wrote:
>    This document describes an extension to IKEv2 that allows an endpoint
>    to prove to a security gateway that it was already authenticated by
>    another trusted security gateway, thereby allowing the authentication
>    of the endpoint without user intervention.  This is accomplished
>    using a Short Term Credential that the endpoint requests from the
>    authenticating security gateway.  This credential is a certificate
>    issued by the authenticating gateway for a short period of time, and
>    it can be used to authenticate the user with IKE signature based
>    authentication.

Sounds like a ticketing system.

Sounds like Kerberos V (with PKINIT).

Sounds fairly unrelated to IKEv2 and rather specific to PKIX.


Ipsec mailing list