RFC 7427

This RFC 7427 was published in 2015.


The Internet Key Exchange Version 2 (IKEv2) protocol has limited support for the Elliptic Curve Digital Signature Algorithm (ECDSA).
The current version only includes support for three Elliptic Curve groups, and there is a fixed hash algorithm tied to each group.
This document generalizes IKEv2 signature support to allow any signature method supported by PKIX and also adds signature hash algorithm negotiation.
This is a generic mechanism and is not limited to ECDSA; it can also be used with other signature algorithms.

RFC 7427 introduction

This document adds a new IKEv2 [RFC7296] authentication method to support signature methods in a more general way.
The current signature-based authentication methods in IKEv2 are per algorithm, i.e., there is one for RSA digital signatures, one for DSS digital signatures (using SHA-1), and three for different ECDSA curves, each tied to exactly one hash algorithm.
This design is cumbersome when more signature algorithms, hash algorithms, and elliptic curves need to be supported:

Download links

Click here to download RFC 7427: TXT format PDF format (coming soon)

Related Request for Comments

Popular RFCs

©2015 RFC-Base.org - all rights reserved.