{"draft":"draft-kivinen-ipsecme-signature-auth-07","doc_id":"RFC7427","title":"Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)","authors":["T. Kivinen","J. Snyder"],"format":["ASCII","HTML"],"page_count":"18","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"IP Security Maintenance and Extensions","abstract":"The Internet Key Exchange Version 2 (IKEv2) protocol has limited\r\nsupport for the Elliptic Curve Digital Signature Algorithm (ECDSA).\r\nThe current version only includes support for three Elliptic Curve\r\ngroups, and there is a fixed hash algorithm tied to each group.  This\r\ndocument generalizes IKEv2 signature support to allow any signature\r\nmethod supported by PKIX and also adds signature hash algorithm\r\nnegotiation.  This is a generic mechanism and is not limited to\r\nECDSA; it can also be used with other signature algorithms.","pub_date":"January 2015","keywords":["IPsec","IKE","IKEv2","Signature","Authentication","RSA","DSS","DSA","ECDSA","SASSA-PSS","PKIX"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC7296"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC7427","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc7427"}