Editing Extensible Authentication Protocol (section)

===EAP Internet Key Exchange v. 2 (EAP-IKEv2)===
EAP Internet Key Exchange v. 2 (EAP-IKEv2) is an EAP method based on the [[Internet Key Exchange]] protocol version 2 (IKEv2). It provides mutual authentication and session key establishment between an EAP peer and an EAP server. It supports authentication techniques that are based on the following types of credentials:
;Asymmetric key pairs: Public/private key pairs where the public key is embedded into a [[digital certificate]], and the corresponding [[private key]] is known only to a single party.
;Passwords: Low-[[Information entropy|entropy]] bit strings that are known to both the server and the peer.
;Symmetric keys: High-entropy bit strings that are known to both the server and the peer.

It is possible to use a different authentication [[credential]] (and thereby technique) in each direction. For example, the EAP server authenticates itself using public/private key pair and the EAP peer using symmetric key. However, not all of the nine theoretical combinations are expected in practice. Specifically, the standard {{IETF RFC|5106}} lists four use cases: The server authenticating with an asymmetric key pair while the client uses any of the three methods; and that both sides use a symmetric key.

EAP-IKEv2 is described in {{IETF RFC|5106}}, and a [http://eap-ikev2.sourceforge.net prototype implementation] exists.