Implemented Standards
(Redirected from RFC List)
Jump to navigation
Jump to search
The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in RFC 6071.
Implementation status can be: implemented (yes, vX.X), planned (p), not implemented (-), will not be implemented (X) and work in progress (wip)
All the standards, including drafts can be found at IP Security Maintenance and Extensions
IKEv2 RFC 7296
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC 9478 | Labeled IPsec Traffic Selector support for IKEv2 | v4.4 | |
| RFC 9464 | Configuration for Encrypted DNS | ||
| RFC 9370 | Intermediate Exchange in the IKEv2 Protocol | aka IKE_INTERMEDIATE + IKE_FOLLOWUP_KE | |
| RFC 9347 | Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS) | p | |
| RFC 9242 | Intermediate Exchange in the IKEv2 Protocol | v | aka IKE_INTERMEDIATE |
| RFC 8784 | Postquantum Preshared Keys for IKEv2 | v3.25 | |
| RFC 8420 | Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2) | wip | Code is available in a branch, but requires NSS patches - waiting on NSS merge before merging into libreswan |
| RFC 8247 | Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2) | v | |
| RFC 8229 | TCP Encapsulation of IKE and IPsec Packets | v4.0 | IKE over TCP implemented and IKE over ESP supported on Linux 5.6+ kernels. Does not currently support IKE/ESP over TLS |
| RFC 8019 | Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks | - | |
| RFC 7815 | Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation | X | This is a really just a subset of IKEv2 RFC 7296 |
| RFC 7670 | Generic Raw Public-Key Support for IKEv2 | p | raw RSA public keys are supported using the core IKE RFCs |
| RFC 7651 | 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2) | - | |
| RFC 7634 | ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec | v3.26 | |
| RFC 7619 | The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2) | v | |
| RFC 7427 | Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) | v | a.k.a. DIGSIG Implementation supports RSS-PSS (v3.26) and ECDSA(v3.26) and RSA-v1.5 (v4.7) |
| RFC 7383 | Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation | v | |
| RFC 7296 | Internet Key Exchange Protocol Version 2 (IKEv2) | v | Obsoletes RFC 5996 and RFC 4718 |
| RFC 6989 | Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) | N/A | This work is or needs to be done inside the nss library |
| RFC 6954 | Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2) | - | |
| RFC 6932 | Brainpool Elliptic Curves for the IKE Group Description Registry | - | |
| RFC 6867 | An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP) | - | |
| RFC 6631 | Password Authenticated Connection Establishment with IKEv2 | - | |
| RFC 6628 | Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2 | - | |
| RFC 6617 | Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE) | - | |
| RFC 6467 | Secure Password Framework for IKEv2 | - | |
| RFC 6311 | Protocol Support for High Availability of IKEv2/IPsec | - | |
| RFC 6290 | A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE) | p | |
| RFC 6027 | IPsec Cluster Problem Statement | N/A | |
| RFC 6023 | A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) | - | |
| RFC 5998 | An Extension for EAP-only Authentication in IKEv2 | wip | |
| RFC 5930 | Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol | v | |
| RFC 5903 | ECP Groups for IKE and IKEv2 | v | |
| RFC 5857 | IKEv2 Extensions to Support Robust Header Compression over IPsec | - | |
| RFC 5739 | IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2) | - | |
| RFC 5723 | Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption | wip | |
| RFC 5685 | Redirect Mechanism for IKEv2 | v3.28 | |
| RFC 5282 | Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol | v | Only AES_GCM is implemented. AES_CCM requires support in the nss library |
| RFC 5026 | Mobile IPv6 Bootstrapping in Split Scenario | - | |
| RFC 4806 | Online Certificate Status Protocol (OCSP) Extensions to IKEv2 | - | Regular OCSP fetching outside of IKE is supported. |
| RFC 4754 | IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) | p | Needs to be interop tested with Microsoft, see https://github.com/libreswan/libreswan/issues/659 |
| RFC 4739 | Multiple Authentication Exchanges in the IKEv2 Protocol | p | |
| RFC 4621 | Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol | N/A | |
| RFC 4615 | The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE | p | CMAC is supoorted as INTEG (for ESP/IKE) but not as PRF(for IKE) - this is pending support in the NSS library. |
| RFC 4595 | Use of IKEv2 in the Fibre Channel Security Association Management Protocol | - | |
| RFC 4555 | IKEv2 Mobility and Multihoming Protocol (MOBIKE) | v | "Additional Addresses" not supported |
| RFC 4478 | Repeated Authentication in Internet Key Exchange (IKEv2) Protocol | p | |
| RFC 4307 | Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) | v | Obsoleted by RFC 8247 |
| draft-brunner-ikev2-mediation | IKEv2 Mediation Extension | - | |
| draft-laganier-ike-ipv6-cga | Using IKE with IPv6 Cryptographically Generated Addresses | - | |
| draft-ietf-ipsecme-split-dns | Split DNS Configuration for IKEv2 | p | INTERNAL_DOMAIN implemented, INTERNAL_TA_DNSSEC not yet implemented |
| draft-ietf-ipsecme-ikev2-auth-announce | Announcing Supported Authentication Methods in IKEv2 | Internet-Draft | |
| draft-pwouters-ipsecme-multi-sa-performance | IKEv2 support for per-queue Child SAs | Internet-Draft | |
| draft-smyslov-ipsecme-ikev2-qr-alt | Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security | Internet-Draft | |
| draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt | IKEv2 Optional SA&TS Payloads in Child Exchange | Internet-Draft |
IKEv1
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC 4304 | Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP) | ||
| RFC 3947 | Negotiation of NAT-Traversal in the IKE | v | known as "NATT" or "ESPinUDP" |
| RFC 3706 | A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers | v | known as "DPD"; IKEv2's equivalent is "liveness" |
| RFC 3526 | More Modular Exponential (MODP) Diffie-Hellman groups | v | |
| RFC 2409 | Internet Key Exchange (IKE) | v | Revised Mode not implemented |
| RFC 2408 | Internet Security Association and Key Management Protocol (ISAKMP) | v | |
| RFC 2407 | IPsec Domain of Interpretation for ISAKMP (IPsec DoI) | v | |
| draft-dukes-ike-mode-cfg | The ISAKMP Configuration Method | v | |
| draft-ietf-ipsec-isakmp-xauth | Extended Authentication within ISAKMP/Oakley (XAUTH) | v | |
| draft-jenkins-ipsec-rekeying | IPsec Re-keying Issues | v | Implementation differs on some point but accomplishes the same |
| draft-ietf-ipsec-isakmp-hybrid-auth | A Hybrid Authentication Mode for IKE | X |
IPsec
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC 4302 | IP Authentication Header (AH) | v | Obsoletes: 2402 |
| RFC 4303 | IP Encapsulating Security Payload (ESP) | v | Obsoletes: 2406 |
| RFC 8750 | Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP) | - | |
| RFC 8221 | Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH) | v | Obsoletes RFC 7321 |
| RFC 7321 | Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH) | v | Obsoleted by RFC 8221 |
| RFC 7018 | Auto-Discovery VPN Problem Statement and Requirements | N/A | |
| RFC 6479 | IPsec Anti-Replay Algorithm without Bit Shifting | ? | |
| RFC 6379 | Suite B Cryptographic Suites for IPsec | v | Not all ciphers are implemented |
| RFC 6380 | Suite B Profile for Internet Protocol Security (IPsec) | v | |
| RFC 5879 | Heuristics for Detecting ESP-NULL Packets | N/A | |
| RFC 5840 | Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility | X | |
| RFC 5660 | IPsec Channels: Connection Latching | X | |
| RFC 5529 | Modes of Operation for Camellia for Use with IPsec | v | |
| RFC 5114 | Additional Diffie-Hellman Groups for Use with IETF Standards | v | Only DH22,23,24 - remainder planned |
| RFC 4868 | Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec | v | |
| RFC 4543 | The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH | X | Kernel support is availble, ike support is not |
| RFC 4494 | The AES-CMAC-96 Algorithm and Its Use with IPsec | X | |
| RFC 4309 | Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP | v | |
| RFC 4308 | Cryptographic Suites for IPsec | ||
| RFC 4304 | Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP | v | |
| RFC 4303 | IP Encapsulating Security Payload (ESP) | v | Obsoletes: 2406 |
| RFC 4302 | IP Authentication Header (AH) | v | Obsoletes: 2402 |
| RFC 4301 | Security Architecture for the Internet Protocol | v | |
| RFC 4106 | The Use of Galois/Counter Mode (GCM) in IPsec ESP | v | |
| RFC 3948 | UDP Encapsulation of IPsec ESP Packets | v | |
| RFC 3686 | Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) | v | |
| RFC 3602 | The AES-CBC Cipher Algorithm and Its Use with IPsec | v | |
| RFC 2451 | The ESP CBC-Mode Cipher Algorithms | v | |
| RFC 2410 | The NULL Encryption Algorithm and Its Use With IPsec | v | |
| draft-antony-ipsecme-oppo-nat | NAT-Traversal support for Opportunistic IPsec | v | Experimental |
| draft-nikander-esp-beet-mode | A Bound End-to-End Tunnel (BEET) mode for ESP | X | Never ratified, but it is the scenario where a Linux kernel state's selector does not match the state's src/dst address. |
EAP
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC-9190 | EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3 | v4.7 | |
| RFC-5998 | An Extension for EAP-Only Authentication in IKEv2 | v4.7? | |
| RFC-5216 | The EAP-TLS Authentication Protocol | Updated by RFC-9190 | |
| RFC-3748 | Extensible Authentication Protocol (EAP) | ||
| RFC-2716 | PPP EAP TLS Authentication Protocol | Obsoleted by RFC-5216 |
PF KEY V2
- most BSD derived systems implement a flavour of PF KEY v2 using the KAME code base as a starting point
- even Linux, which implements XFRM, has borrowed concepts from PF KEY v2
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC-2367 | PF_KEY Key Management API, Version 2 | v4.7 | SADB messages to set up kernel state on BSD machines |
| draft-schilcher-mobike-pfkey-extension-01 | MOBIKE Extensions for PF_KEY | v4.7 | also defines KAME's SPD extensions to set up kernel policy on BSD machine |
| PF_KEY Extensions for IPsec Policy Management in KAME Stack | Post to KAME mailing list about PF KEY | Some background |
Cryptography: AEAD, Public Keys (formats, standards, DNS records) ...
| Standard | Description | Status | Comments |
|---|---|---|---|
| RFC-8813 | Clarifications for Elliptic Curve Cryptography Subject Public Key Information | ||
| RFC-7468 | Textual Encodings of PKIX, PKCS, and CMS Structures | v | ipsec showhostkey --pem: outputs 13. Textual Encoding of Subject Public Key Info |
| RFC-6605 | Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC | "ipsec --ipseckey" and "ipseckey --{left,right}" both dump ECDSA keys using the format described in 4. DNSKEY and RRSIG Resource Records for ECDSA | |
| RFC-5280 | Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile | See 4.1.2.7. Subject Public Key Info | |
| RFC-4648 | The Base16, Base32, and Base64 Data Encodings | v | see datatot() |
| RFC-4034 | Resource Records for the DNS Security Extensions | ||
| RFC-4025 | A Method for Storing IPsec Keying Material in DNS | v | ipsec showhostkey --ipseckey: outputs the text for an IPSECKEY RR record Algorithm 1, DSA: 2. DSA KEY Resource Records Algorithm 2, RSA: RFC-3110 2. RSA Public KEY Resource Records Algorithm 3, ECDSA: RFC-6605 4. DNSKEY and RRSIG Resource Records for ECDSA Algorithm 4 will probably use RFC-5280 4.1.2.7. Subject Public Key Info |
| RFC-3110 | RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) | v | "ipsec --ipseckey" and "ipseckey --{left,right}" dump RSA keys using the format described in 2. RSA Public KEY Resource Records. |
| RFC-2536 | DSA KEYs and SIGs in the Domain Name System (DNS) | This won't be implemented. | |
| RFC-1421 | Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures | Origins of PEM format. | |
| draft-irtf-cfrg-aead-limits | Usage Limits on AEAD Algorithms | Hopefully answers the question of what limits to place on AEAD. |