Implemented Standards: Difference between revisions

From Libreswan
Jump to navigation Jump to search
(more kame info)
(refresh list)
 
(34 intermediate revisions by 2 users not shown)
Line 1: Line 1:


The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in
The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in
[http://tools.ietf.org/html/rfc6071 RFC 6071].
[https://datatracker.ietf.org/doc/html/rfc6071 RFC 6071].


Implementation status can be: implemented (v), planned (p), not implemented (-), will not be implemented (X) and work in progress (wip)
Implementation status can be: implemented (yes, vX.X), planned (p), not implemented (-), will not be implemented (X) and work in progress (wip)
 
All the standards, including drafts can be found at [https://datatracker.ietf.org/wg/ipsecme/documents/ IP Security Maintenance and Extensions]
 
== [https://datatracker.ietf.org/doc/html/rfc7296 IKEv2 RFC 7296] ==


== IKEv1 ==
{| class="wikitable"
{| class="wikitable"
! style="text-align:left;" | Standard
! style="text-align:left;" | Standard
Line 12: Line 15:
! style="text-align:left;" | Comments
! style="text-align:left;" | Comments
|-
|-
| [http://tools.ietf.org/html/rfc2407 RFC 2407]
| [https://datatracker.ietf.org/doc/html/rfc9478 RFC 9478]
| IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
| Labeled IPsec Traffic Selector support for IKEv2
| v
| v4.4
|
|  
|-
|-
| [http://tools.ietf.org/html/rfc2408 RFC 2408]
| [https://datatracker.ietf.org/doc/html/rfc9464 RFC 9464]
| Internet Security Association and Key Management Protocol (ISAKMP)
| Configuration for Encrypted DNS
| v
|  
|
|  
|-
|-
| [http://tools.ietf.org/html/rfc2409 RFC 2409]
| [https://datatracker.ietf.org/doc/html/rfc9370 RFC 9370]
| Internet Key Exchange (IKE)
| Intermediate Exchange in the IKEv2 Protocol
| v
|  
| Revised Mode not implemented
| aka IKE_INTERMEDIATE + IKE_FOLLOWUP_KE
|-
|-
| [https://tools.ietf.org/html/rfc3526 RFC 3526]
| [https://datatracker.ietf.org/doc/html/rfc9347 RFC 9347]
| More Modular Exponential (MODP) Diffie-Hellman groups
| Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS)
| v
| p
|
|  
|-
|-
| [https://tools.ietf.org/html/rfc3706 RFC 3706]
| [https://datatracker.ietf.org/doc/html/rfc9242 RFC 9242]
| A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
| Intermediate Exchange in the IKEv2 Protocol
| v
| v
| known as "DPD"
| aka IKE_INTERMEDIATE
|-
|-
| [https://tools.ietf.org/html/3947 RFC 3947]
| [https://datatracker.ietf.org/doc/html/rfc8784/ RFC 8784]
| Negotiation of NAT-Traversal in the IKE
| Postquantum Preshared Keys for IKEv2
| v
| v3.25
| known as "NATT" or "ESPinUDP"
|  
|-
|-
| [http://tools.ietf.org/html/draft-dukes-ike-mode-cfg draft-dukes-ike-mode-cfg]
| [https://datatracker.ietf.org/doc/html/rfc8420 RFC 8420]
| The ISAKMP Configuration Method
| Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)
| v
| wip
|
| Code is available in a branch, but requires NSS patches - waiting on NSS merge before merging into libreswan
|-
|-
| [http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-xauth draft-ietf-ipsec-isakmp-xauth]
| [https://datatracker.ietf.org/doc/html/rfc8247 RFC 8247]
| Extended Authentication within ISAKMP/Oakley (XAUTH)
| Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
| v
| v
|
|
|-
|-
| [http://tools.ietf.org/html/draft-jenkins-ipsec-rekeying-06 draft-jenkins-ipsec-rekeying]
| [https://datatracker.ietf.org/doc/html/rfc8229 RFC 8229]
| IPsec Re-keying Issues
| TCP Encapsulation of IKE and IPsec Packets
| v
| v4.0
| Implementation differs on some point but accomplishes the same
| IKE over TCP implemented and IKE over ESP supported on Linux 5.6+ kernels. Does not currently support IKE/ESP over TLS
|-
|-
| [http://tools.ietf.org/html/draft-ietf-ipsec-isakmp-hybrid-auth  draft-ietf-ipsec-isakmp-hybrid-auth]
| [https://datatracker.ietf.org/doc/html/rfc8019 RFC 8019]
| A Hybrid Authentication Mode for IKE
| Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
| X
| -
|
|
|-
|-
|}
| [https://datatracker.ietf.org/doc/html/rfc7815 RFC 7815]
 
| Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation
== [http://tools.ietf.org/html/rfc7296 IKEv2] ==
| '''X'''
 
| This is a really just a subset of IKEv2 [http://datatracker.ietf.org/doc/html/rfc7296 RFC 7296]
{| class="wikitable"
|-
! style="text-align:left;" | Standard
| [https://datatracker.ietf.org/doc/html/rfc7670 RFC 7670]
! style="text-align:left;" | Description
| Generic Raw Public-Key Support for IKEv2
! style="text-align:left;" | Status
| p
! style="text-align:left;" | Comments
| raw RSA public keys are supported using the core IKE RFCs
|-
|-
| [http://tools.ietf.org/html/rfc7296 RFC 7296]
| [https://datatracker.ietf.org/doc/html/rfc7651 RFC 7651]
| '''Internet Key Exchange Protocol Version 2 (IKEv2)'''
| 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
| v
| -
| Obsoletes [http://tools.ietf.org/html/rfc5996 RFC 5996] and [http://tools.ietf.org/html/rfc4718 RFC 4718]
|
|-
|-
| [http://tools.ietf.org/html/rfc7815 RFC 7815]
| [https://datatracker.ietf.org/doc/html/rfc7634 RFC 7634]
| Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation
| ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
| X
| v3.26
| This is a really just a subset of IKEv2 [http://tools.ietf.org/html/rfc7296 RFC 7296]
|  
|-
|-
| [http://tools.ietf.org/html/rfc4307 RFC 4307]
| [https://datatracker.ietf.org/doc/html/rfc7619 RFC 7619]
| Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
| The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
| v
| v
| Obsoleted by [http://tools.ietf.org/html/rfc8247 RFC 8247]
|-
| [https://tools.ietf.org/html/rfc4478 RFC 4478]
| Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
| p
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4555 RFC 4555]
| [https://datatracker.ietf.org/doc/html/rfc7427 RFC 7427]
| IKEv2 Mobility and Multihoming Protocol (MOBIKE)
| Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
| v
| v
| "Additional Addresses" not supported
| a.k.a. DIGSIG<br>Implementation supports RSS-PSS (v3.26) and ECDSA(v3.26) and RSA-v1.5 (v4.7)
|-
|-
| [https://tools.ietf.org/html/rfc4595 RFC 4595]
| [https://datatracker.ietf.org/doc/html/rfc7383 RFC 7383]
| Use of IKEv2 in the Fibre Channel Security Association Management Protocol
| Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
| -
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4615 RFC 4615]
| [https://datatracker.ietf.org/doc/html/rfc7296 RFC 7296]
| The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
| '''Internet Key Exchange Protocol Version 2 (IKEv2)'''
| p
| v
| CMAC is supoorted as INTEG (for ESP/IKE) but not as PRF(for IKE) - this is pending support in the NSS library.
| Obsoletes [https://datatracker.ietf.org/doc/html/rfc5996 RFC 5996] and [https://datatracker.ietf.org/doc/html/rfc4718 RFC 4718]
|-
|-
| [https://tools.ietf.org/html/rfc4621 RFC 4621]
| [https://datatracker.ietf.org/doc/html/rfc6989 RFC 6989]
| Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
| Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
| N/A
| N/A
|
| This work is or needs to be done inside the nss library
|-
|-
| [https://tools.ietf.org/html/rfc4739 RFC 4739]
| [https://datatracker.ietf.org/doc/html/rfc6954 RFC 6954]
| Multiple Authentication Exchanges in the IKEv2 Protocol
| Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
| p
| -
|
|  
|-
|-
| [https://tools.ietf.org/html/rfc4754 RFC 4754]
| [https://datatracker.ietf.org/doc/html/rfc6932 RFC 6932]
| IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
| Brainpool Elliptic Curves for the IKE Group Description Registry
| p
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4806 RFC 4806]
| [https://datatracker.ietf.org/doc/html/rfc6867 RFC 6867]
| Online Certificate Status Protocol (OCSP) Extensions to IKEv2
| An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
| -
| -
| Regular OCSP fetching outside of IKE is supported.
|
|-
|-
| [https://tools.ietf.org/html/rfc5026 RFC 5026]
| [https://datatracker.ietf.org/doc/html/rfc6631 RFC 6631]
| Mobile IPv6 Bootstrapping in Split Scenario
| Password Authenticated Connection Establishment with IKEv2
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5282 RFC 5282]
| [https://datatracker.ietf.org/doc/html/rfc6628 RFC 6628]
| Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
| Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
| v
| -
| Only AES_GCM is implemented. AES_CCM requires support in the nss library
|-
| [https://tools.ietf.org/html/rfc5685 RFC 5685]
| Redirect Mechanism for IKEv2
| v3.28
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5857 RFC 5857]
| [https://datatracker.ietf.org/doc/html/rfc6617 RFC 6617]
| IKEv2 Extensions to Support Robust Header Compression over IPsec
| Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5723 RFC 5723]
| [https://datatracker.ietf.org/doc/html/rfc6467 RFC 6467]
| Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
| Secure Password Framework for IKEv2
| wip
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5739 RFC 5739]
| [https://datatracker.ietf.org/doc/html/rfc6311 RFC 6311]
| IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
| Protocol Support for High Availability of IKEv2/IPsec
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5903 RFC 5903]
| [https://datatracker.ietf.org/doc/html/rfc6290 RFC 6290]
| ECP Groups for IKE and IKEv2
| A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
| v
| p
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5930 RFC 5930]
| [https://datatracker.ietf.org/doc/html/rfc6027 RFC 6027]
| Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
| IPsec Cluster Problem Statement
| v
| N/A
|
|-
| [https://tools.ietf.org/html/rfc5998 RFC 5998]
| An Extension for EAP-only Authentication in IKEv2
| wip
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6023 RFC 6023]
| [https://datatracker.ietf.org/doc/html/rfc6023 RFC 6023]
| A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
| A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6027 RFC 6027]
| [https://datatracker.ietf.org/doc/html/rfc5998 RFC 5998]
| IPsec Cluster Problem Statement
| An Extension for EAP-only Authentication in IKEv2
| N/A
| wip
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6290 RFC 6290]
| [https://datatracker.ietf.org/doc/html/rfc5930 RFC 5930]
| A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
| Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
| p
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6311 RFC 6311]
| [https://datatracker.ietf.org/doc/html/rfc5903 RFC 5903]
| Protocol Support for High Availability of IKEv2/IPsec
| ECP Groups for IKE and IKEv2
| -
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6467 RFC 6467]
| [https://datatracker.ietf.org/doc/html/rfc5857 RFC 5857]
| Secure Password Framework for IKEv2
| IKEv2 Extensions to Support Robust Header Compression over IPsec
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6617 RFC 6617]
| [https://datatracker.ietf.org/doc/html/rfc5739 RFC 5739]
| Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
| IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6628 RFC 6628]
| [https://datatracker.ietf.org/doc/html/rfc5723 RFC 5723]
| Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
| Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
| -
| wip
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6631 RFC 6631]
| [https://datatracker.ietf.org/doc/html/rfc5685 RFC 5685]
| Password Authenticated Connection Establishment with IKEv2
| Redirect Mechanism for IKEv2
| -
| v3.28
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6867 RFC 6867]
| [https://datatracker.ietf.org/doc/html/rfc5282 RFC 5282]
| An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
| Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
| -
| v
|
| Only AES_GCM is implemented. AES_CCM requires support in the nss library
|-
|-
| [https://tools.ietf.org/html/rfc6932 RFC 6932]
| [https://datatracker.ietf.org/doc/html/rfc5026 RFC 5026]
| Brainpool Elliptic Curves for the IKE Group Description Registry
| Mobile IPv6 Bootstrapping in Split Scenario
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6954 RFC 6954]
| [https://datatracker.ietf.org/doc/html/rfc4806 RFC 4806]
| Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
| Online Certificate Status Protocol (OCSP) Extensions to IKEv2
| -
| -
|  
| Regular OCSP fetching outside of IKE is supported.
|-
|-
| [https://tools.ietf.org/html/rfc6989 RFC 6989]
| [https://datatracker.ietf.org/doc/html/rfc4754 RFC 4754]
| Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
| IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
| N/A
| p
| This work is or needs to be done inside the nss library
| Needs to be interop tested with Microsoft, see https://github.com/libreswan/libreswan/issues/659
|-
|-
| [https://tools.ietf.org/html/rfc7383 RFC 7383]
| [https://datatracker.ietf.org/doc/html/rfc4739 RFC 4739]
| Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
| Multiple Authentication Exchanges in the IKEv2 Protocol
| v
| p
|
|
|-
|-
| [https://tools.ietf.org/html/rfc7427 RFC 7427]
| [https://datatracker.ietf.org/doc/html/rfc4621 RFC 4621]
| Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
| Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
| v
| N/A
| Implementation supports RSS-PSS  (since v3.26) and RSA-v1.5 (since v4.7)  
|-
| [https://tools.ietf.org/html/rfc7619 RFC 7619]
| The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc7634 RFC 7634]
| [https://datatracker.ietf.org/doc/html/rfc4615 RFC 4615]
| ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
| The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
| v3.26
| p
|  
| CMAC is supoorted as INTEG (for ESP/IKE) but not as PRF(for IKE) - this is pending support in the NSS library.
|-
|-
| [https://tools.ietf.org/html/rfc7651 RFC 7651]
| [https://datatracker.ietf.org/doc/html/rfc4595 RFC 4595]
| 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
| Use of IKEv2 in the Fibre Channel Security Association Management Protocol
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc7670 RFC 7670]
| [https://datatracker.ietf.org/doc/html/rfc4555 RFC 4555]
| Generic Raw Public-Key Support for IKEv2
| IKEv2 Mobility and Multihoming Protocol (MOBIKE)
| v
| "Additional Addresses" not supported
|-
| [https://datatracker.ietf.org/doc/html/rfc4478 RFC 4478]
| Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
| p
| p
| raw RSA public keys are supported using the core IKE RFCs
|-
| [https://tools.ietf.org/html/rfc8019 RFC 8019]
| Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
| -
|
|
|-
|-
| [https://tools.ietf.org/html/rfc8247 RFC 8247]
| [https://datatracker.ietf.org/doc/html/rfc4307 RFC 4307]
| Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
| Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
| v
| v
|
| Obsoleted by [https://datatracker.ietf.org/doc/html/rfc8247 RFC 8247]
|-
|-
| [https://tools.ietf.org/html/rfc8420 RFC 8420]
| [https://datatracker.ietf.org/doc/html/draft-brunner-ikev2-mediation draft-brunner-ikev2-mediation]
| Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)
| wip
| Code is available in a branch, but requires NSS patches - waiting on NSS merge before merging into libreswan
|-
| [https://tools.ietf.org/html/rfc8229 RFC 8229]
| TCP Encapsulation of IKE and IPsec Packets
| v4.0
| IKE over TCP implemented and IKE over ESP supported on Linux 5.6+ kernels. Does not currently support IKE/ESP over TLS
|-
| [https://datatracker.ietf.org/doc/rfc8784/ RFC 8784]
| Postquantum Preshared Keys for IKEv2
| v3.25
|
|-
| [https://tools.ietf.org/html/draft-brunner-ikev2-mediation draft-brunner-ikev2-mediation]
| IKEv2 Mediation Extension
| IKEv2 Mediation Extension
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/draft-laganier-ike-ipv6-cga draft-laganier-ike-ipv6-cga]
| [https://datatracker.ietf.org/doc/html/draft-laganier-ike-ipv6-cga draft-laganier-ike-ipv6-cga]
| Using IKE with IPv6 Cryptographically Generated Addresses
| Using IKE with IPv6 Cryptographically Generated Addresses
| -
| -
|
|
|-
|-
| [https://tools.ietf.org/html/draft-ietf-ipsecme-split-dns draft-ietf-ipsecme-split-dns]
| [https://datatracker.ietf.org/doc/html/draft-ietf-ipsecme-split-dns draft-ietf-ipsecme-split-dns]
| Split DNS Configuration for IKEv2
| Split DNS Configuration for IKEv2
| p
| p
| INTERNAL_DOMAIN implemented, INTERNAL_TA_DNSSEC not yet implemented
| INTERNAL_DOMAIN implemented, INTERNAL_TA_DNSSEC not yet implemented
|-
|-
| [https://tools.ietf.org/html/draft-ietf-ipsecme-ikev2-intermediate draft-ietf-ipsecme-ikev2-intermediate]
| [https://datatracker.ietf.org/doc/html/draft-smyslov-ipsecme-ikev2-auth-announce draft-ietf-ipsecme-ikev2-auth-announce]
| Intermediate Exchange in the IKEv2 Protocol
| Announcing Supported Authentication Methods in IKEv2
| v
|
| Experimental
| Internet-Draft
|-
| [https://datatracker.ietf.org/doc/draft-pwouters-ipsecme-multi-sa-performance draft-pwouters-ipsecme-multi-sa-performance]
| IKEv2 support for per-queue Child SAs
|
| Internet-Draft
|-
| [https://datatracker.ietf.org/doc/draft-smyslov-ipsecme-ikev2-qr-alt draft-smyslov-ipsecme-ikev2-qr-alt]
| Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
|  
| Internet-Draft
|-
|-
| [https://tools.ietf.org/html/draft-ietf-ipsecme-labeled-ipsec draft-ietf-ipsecme-labeled-ipsec]
| [https://datatracker.ietf.org/doc/draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt]
| Labeled IPsec Traffic Selector support for IKEv2
| IKEv2 Optional SA&TS Payloads in Child Exchange
| v4.4
|  
| Internet-Draft
| Internet-Draft
|-
|-
|}
|}


== IPsec ==
== IKEv1 ==


{| class="wikitable"
{| class="wikitable"
Line 322: Line 300:
! style="text-align:left;" | Comments
! style="text-align:left;" | Comments
|-
|-
| [https://tools.ietf.org/html/rfc4301 RFC 4301 ]
| [https://datatracker.ietf.org/doc/html/4304 RFC 4304]
| Security Architecture for the Internet Protocol
| Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
|
|
|-
| [https://datatracker.ietf.org/doc/html/3947 RFC 3947]
| Negotiation of NAT-Traversal in the IKE
| v
| known as "NATT" or "ESPinUDP"
|-
| [https://datatracker.ietf.org/doc/html/rfc3706 RFC 3706]
| A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
| v
| known as "DPD"; IKEv2's equivalent is "liveness"
|-
| [https://datatracker.ietf.org/doc/html/rfc3526 RFC 3526]
| More Modular Exponential (MODP) Diffie-Hellman groups
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4302 RFC 4302 ]
| [http://datatracker.ietf.org/doc/html/rfc2409 RFC 2409]
| '''IP Authentication Header (AH)'''
| '''Internet Key Exchange (IKE)'''
| v
| v
| Obsoletes: [https://tools.ietf.org/html/rfc2402 2402]
| Revised Mode not implemented
|-
|-
| [https://tools.ietf.org/html/rfc4303 RFC 4303 ]
| [http://datatracker.ietf.org/doc/html/rfc2408 RFC 2408]
| '''IP Encapsulating Security Payload (ESP)'''
| '''Internet Security Association and Key Management Protocol (ISAKMP)'''
| v
| v
| Obsoletes: [https://tools.ietf.org/html/rfc2406 2406]
|
|-
|-
| [https://tools.ietf.org/html/rfc4308 RFC 4308 ]
| [http://datatracker.ietf.org/doc/html/rfc2407 RFC 2407]
| Cryptographic Suites for IPsec
| '''IPsec Domain of Interpretation for ISAKMP (IPsec DoI)'''
| v
|
|
|-
| [http://datatracker.ietf.org/doc/html/draft-dukes-ike-mode-cfg draft-dukes-ike-mode-cfg]
| The ISAKMP Configuration Method
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc2410 RFC 2410 ]
| [http://datatracker.ietf.org/doc/html/draft-ietf-ipsec-isakmp-xauth draft-ietf-ipsec-isakmp-xauth]
| The NULL Encryption Algorithm and Its Use With IPsec
| Extended Authentication within ISAKMP/Oakley (XAUTH)
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc2451 RFC 2451 ]  
| [http://datatracker.ietf.org/doc/html/draft-jenkins-ipsec-rekeying-06 draft-jenkins-ipsec-rekeying]
| The ESP CBC-Mode Cipher Algorithms
| IPsec Re-keying Issues
| v
| v
| Implementation differs on some point but accomplishes the same
|-
| [http://datatracker.ietf.org/doc/html/draft-ietf-ipsec-isakmp-hybrid-auth  draft-ietf-ipsec-isakmp-hybrid-auth]
| A Hybrid Authentication Mode for IKE
| '''X'''
|
|
|-
|-
| [https://tools.ietf.org/html/rfc3602 RFC 3602 ]  
|}
| The AES-CBC Cipher Algorithm and Its Use with IPsec
 
== IPsec ==
 
{| class="wikitable"
! style="text-align:left;" | Standard
! style="text-align:left;" | Description
! style="text-align:left;" | Status
! style="text-align:left;" | Comments
|-
| [https://datatracker.ietf.org/doc/html/rfc4302 RFC 4302 ]
| '''IP Authentication Header (AH)'''
| v
| Obsoletes: [https://datatracker.ietf.org/doc/html/rfc2402 2402]
|-
| [https://datatracker.ietf.org/doc/html/rfc4303 RFC 4303 ]
| '''IP Encapsulating Security Payload (ESP)'''
| v
| v
| Obsoletes: [https://datatracker.ietf.org/doc/html/rfc2406 2406]
|-
|
|
|
|
|-
|-
| [https://tools.ietf.org/html/rfc3948 RFC 3948 ]  
| [https://datatracker.ietf.org/doc/html/rfc8750 RFC 8750]
| UDP Encapsulation of IPsec ESP Packets
| Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)
| -
|
|-
| [https://datatracker.ietf.org/doc/html/rfc8221 RFC 8221]
| Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
| v
| Obsoletes [http://datatracker.ietf.org/doc/html/rfc7321 RFC 7321]
|-
| [https://datatracker.ietf.org/doc/html/rfc7321 RFC 7321]
| Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
| v
| v
| Obsoleted by [http://datatracker.ietf.org/doc/html/rfc8221 RFC 8221]
|-
| [https://datatracker.ietf.org/doc/html/rfc7018 RFC 7018 ]
| Auto-Discovery VPN Problem Statement and Requirements
| N/A
|
|
|-
|-
| [https://tools.ietf.org/html/rfc3686 RFC 3686 ]  
| [https://datatracker.ietf.org/doc/html/rfc6479 RFC 6479 ]  
| Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
| IPsec Anti-Replay Algorithm without Bit Shifting
| v
| ?
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4106 RFC 4106 ]  
| [https://datatracker.ietf.org/doc/html/rfc6379 RFC 6379 ]  
| The Use of Galois/Counter Mode (GCM) in IPsec ESP
| Suite B Cryptographic Suites for IPsec
| v
| v
|
| Not all ciphers are implemented
|-
|-
| [https://tools.ietf.org/html/rfc4304 RFC 4304 ]  
| [https://datatracker.ietf.org/doc/html/rfc6380 RFC 6380 ]  
| Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
| Suite B Profile for Internet Protocol Security (IPsec)
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4309 RFC 4309 ]  
| [https://datatracker.ietf.org/doc/html/rfc5879 RFC 5879 ]  
| Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
| Heuristics for Detecting ESP-NULL Packets
| v
| N/A
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4494 RFC 4494 ]  
| [https://datatracker.ietf.org/doc/html/rfc5840 RFC 5840 ]  
| The AES-CMAC-96 Algorithm and Its Use with IPsec
| Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
| X
| '''X'''
|
|
|-
|-
| [https://tools.ietf.org/html/rfc4543 RFC 4543 ]  
| [https://datatracker.ietf.org/doc/html/rfc5660 RFC 5660 ]  
| The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
| IPsec Channels: Connection Latching
| X
| '''X'''
| Kernel support is availble, ike support is not
|  
|-
|-
| [https://tools.ietf.org/html/rfc4868 RFC 4868 ]  
| [https://datatracker.ietf.org/doc/html/rfc5529 RFC 5529 ]  
| Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
| Modes of Operation for Camellia for Use with IPsec
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5114 RFC 5114 ]  
| [https://datatracker.ietf.org/doc/html/rfc5114 RFC 5114 ]  
| Additional Diffie-Hellman Groups for Use with IETF Standards
| Additional Diffie-Hellman Groups for Use with IETF Standards
| v
| v
| Only DH22,23,24 - remainder planned
| Only DH22,23,24 - remainder planned
|-
|-
| [https://tools.ietf.org/html/rfc5529 RFC 5529 ]  
| [https://datatracker.ietf.org/doc/html/rfc4868 RFC 4868 ]  
| Modes of Operation for Camellia for Use with IPsec
| Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
| v
|
|-
| [https://datatracker.ietf.org/doc/html/rfc4543 RFC 4543 ]
| The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
| '''X'''
| Kernel support is availble, ike support is not
|-
| [https://datatracker.ietf.org/doc/html/rfc4494 RFC 4494 ]
| The AES-CMAC-96 Algorithm and Its Use with IPsec
| '''X'''
|
|-
| [https://datatracker.ietf.org/doc/html/rfc4309 RFC 4309 ]
| Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5660 RFC 5660 ]  
| [https://datatracker.ietf.org/doc/html/rfc4308 RFC 4308 ]
| IPsec Channels: Connection Latching
| Cryptographic Suites for IPsec
| X
|
|  
|
|-
|-
| [https://tools.ietf.org/html/rfc5879 RFC 5879 ]  
| [https://datatracker.ietf.org/doc/html/rfc4304 RFC 4304 ]  
| Heuristics for Detecting ESP-NULL Packets
| Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
| N/A
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc5840 RFC 5840 ]  
| [https://datatracker.ietf.org/doc/html/rfc4303 RFC 4303 ]
| Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
| '''IP Encapsulating Security Payload (ESP)'''
| X
| v
| Obsoletes: [https://datatracker.ietf.org/doc/html/rfc2406 2406]
|-
| [https://datatracker.ietf.org/doc/html/rfc4302 RFC 4302 ]
| '''IP Authentication Header (AH)'''
| v
| Obsoletes: [https://datatracker.ietf.org/doc/html/rfc2402 2402]
|-
| [https://datatracker.ietf.org/doc/html/rfc4301 RFC 4301 ]
| Security Architecture for the Internet Protocol
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6379 RFC 6379 ]  
| [https://datatracker.ietf.org/doc/html/rfc4106 RFC 4106 ]  
| Suite B Cryptographic Suites for IPsec
| The Use of Galois/Counter Mode (GCM) in IPsec ESP
| v
| v
| Not all ciphers are implemented
|
|-
|-
| [https://tools.ietf.org/html/rfc6380 RFC 6380 ]  
| [https://datatracker.ietf.org/doc/html/rfc3948 RFC 3948 ]  
| Suite B Profile for Internet Protocol Security (IPsec)
| UDP Encapsulation of IPsec ESP Packets
| v
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc6479 RFC 6479 ]  
| [https://datatracker.ietf.org/doc/html/rfc3686 RFC 3686 ]  
| IPsec Anti-Replay Algorithm without Bit Shifting
| Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
| ?
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc7018 RFC 7018 ]  
| [https://datatracker.ietf.org/doc/html/rfc3602 RFC 3602 ]  
| Auto-Discovery VPN Problem Statement and Requirements
| The AES-CBC Cipher Algorithm and Its Use with IPsec
| N/A
| v
|
|
|-
|-
| [https://tools.ietf.org/html/rfc7321 RFC 7321]
| [https://datatracker.ietf.org/doc/html/rfc2451 RFC 2451 ]  
| Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
| The ESP CBC-Mode Cipher Algorithms
| v
| v
| Obsoleted by [http://tools.ietf.org/html/rfc8221 RFC 8221]
|
|-
|-
| [https://tools.ietf.org/html/rfc8221 RFC 8221]
| [https://datatracker.ietf.org/doc/html/rfc2410 RFC 2410 ]
| Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
| The NULL Encryption Algorithm and Its Use With IPsec
| v
| v
| Obsoletes [http://tools.ietf.org/html/rfc7321 RFC 7321]
|
|-
|-
| [https://tools.ietf.org/html/draft-antony-ipsecme-oppo-nat draft-antony-ipsecme-oppo-nat]
| [https://datatracker.ietf.org/doc/html/draft-antony-ipsecme-oppo-nat draft-antony-ipsecme-oppo-nat]
| NAT-Traversal support for Opportunistic IPsec
| NAT-Traversal support for Opportunistic IPsec
| v
| v
| Experimental
| Experimental
|-
| [https://datatracker.ietf.org/doc/html/draft-nikander-esp-beet-mode draft-nikander-esp-beet-mode]
| A Bound End-to-End Tunnel (BEET) mode for ESP
| '''X'''
| Never ratified, but it is the scenario where a Linux kernel state's selector does not match the state's src/dst address.
|}
== EAP ==
{| class="wikitable"
! style="text-align:left;" | Standard
! style="text-align:left;" | Description
! style="text-align:left;" | Status
! style="text-align:left;" | Comments
|-
| [https://datatracker.ietf.org/doc/html/rfc9190 RFC-9190]
| EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3
| v4.7
|
|-
| [https://datatracker.ietf.org/doc/html/rfc5998 RFC-5998]
| An Extension for EAP-Only Authentication in IKEv2
| v4.7?
|
|-
| [https://datatracker.ietf.org/doc/html/rfc5216 RFC-5216]
| The EAP-TLS Authentication Protocol
|
| Updated by RFC-9190
|-
| [https://datatracker.ietf.org/doc/html/rfc3748 RFC-3748]
| Extensible Authentication Protocol (EAP)
|
|
|-
| [https://datatracker.ietf.org/doc/html/rfc2716 RFC-2716]
| PPP EAP TLS Authentication Protocol
|
| Obsoleted by RFC-5216
|}
|}


== PF KEY V2 ==
== PF KEY V2 ==
These reference provide a good starting point to understanding the kernel interfaces Libreswan uses.


* most BSD derived systems implement a flavour of PF KEY v2 using the [https://www.kame.net/ KAME] code base as a starting point
* most BSD derived systems implement a flavour of PF KEY v2 using the [https://www.kame.net/ KAME] code base as a starting point
Line 473: Line 572:
| [https://datatracker.ietf.org/doc/html/rfc2367 RFC-2367]
| [https://datatracker.ietf.org/doc/html/rfc2367 RFC-2367]
| PF_KEY Key Management API, Version 2
| PF_KEY Key Management API, Version 2
|  
| v4.7
| SADB messages to set up kernel state on BSD machines
| SADB messages to set up kernel state on BSD machines
|-
|-
| [https://datatracker.ietf.org/doc/html/draft-schilcher-mobike-pfkey-extension-01 draft-schilcher-mobike-pfkey-extension-01]
| [https://datatracker.ietf.org/doc/html/draft-schilcher-mobike-pfkey-extension-01 draft-schilcher-mobike-pfkey-extension-01]
| MOBIKE Extensions for PF_KEY
| MOBIKE Extensions for PF_KEY
|  
| v4.7
| also defines KAME's SPD extensions to set up kernel policy on BSD machine
| also defines KAME's SPD extensions to set up kernel policy on BSD machine
|-
|-
Line 487: Line 586:
|}
|}


== EAP ==
 
== Cryptography: AEAD, Public Keys (formats, standards, DNS records) ... ==
 


{| class="wikitable"
{| class="wikitable"
Line 495: Line 596:
! style="text-align:left;" | Comments
! style="text-align:left;" | Comments
|-
|-
| [https://datatracker.ietf.org/doc/html/rfc9190 RFC-9190]
| [https://datatracker.ietf.org/doc/html/rfc8813 RFC-8813]
| EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3
| Clarifications for Elliptic Curve Cryptography Subject Public Key Information
| v4.7
|
|
|-
| [https://datatracker.ietf.org/doc/html/rfc7468 RFC-7468]
| Textual Encodings of PKIX, PKCS, and CMS Structures
| v
| ipsec showhostkey --pem: outputs [https://datatracker.ietf.org/doc/html/rfc7468#section-13 13. Textual Encoding of Subject Public Key Info]
|-
| [https://datatracker.ietf.org/doc/html/rfc6605 RFC-6605]
| Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC
|
| "ipsec --ipseckey" and "ipseckey --{left,right}" both dump ECDSA keys using the format described in [https://datatracker.ietf.org/doc/html/rfc6605#section-4 4. DNSKEY and RRSIG Resource Records for ECDSA]
|-
| [https://datatracker.ietf.org/doc/html/rfc5280 RFC-5280]
| Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
|  
|  
| See [https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7 4.1.2.7. Subject Public Key Info]
|-
| [https://datatracker.ietf.org/doc/html/rfc4648 RFC-4648]
| The Base16, Base32, and Base64 Data Encodings
| v
| see datatot()
|-
|-
| [https://datatracker.ietf.org/doc/html/rfc5998 RFC-5998]
| [https://datatracker.ietf.org/doc/html/rfc4034 RFC-4034]
| An Extension for EAP-Only Authentication in IKEv2
| Resource Records for the DNS Security Extensions
| v4.7?
|  
|  
|  
|-
|-
| [https://datatracker.ietf.org/doc/html/rfc5216 RFC-5216]
| [https://datatracker.ietf.org/doc/html/rfc4025 RFC-4025]
| The EAP-TLS Authentication Protocol
| A Method for Storing IPsec Keying Material in DNS
| v
| ipsec showhostkey --ipseckey: outputs the text for an IPSECKEY RR record<br>Algorithm 1, DSA: [https://datatracker.ietf.org/doc/html/rfc2536#section-2 2. DSA KEY Resource Records]<br>Algorithm 2, RSA: [https://datatracker.ietf.org/doc/html/rfc3110#section-2 RFC-3110 2. RSA Public KEY Resource Records]<br>Algorithm 3, ECDSA: [https://datatracker.ietf.org/doc/html/rfc6605#section-4 RFC-6605 4.  DNSKEY and RRSIG Resource Records for ECDSA]<br>Algorithm 4 will probably use [https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.7 RFC-5280 4.1.2.7. Subject Public Key Info]
|-
| [https://datatracker.ietf.org/doc/html/rfc3110 RFC-3110]
| RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)
| v
| "ipsec --ipseckey" and "ipseckey --{left,right}" dump RSA keys using the format described in [https://datatracker.ietf.org/doc/html/rfc3110#section-2 2. RSA Public KEY Resource Records].
|-
| [https://datatracker.ietf.org/doc/html/rfc2536 RFC-2536]
| DSA KEYs and SIGs in the Domain Name System (DNS)
|  
|  
| Updated by RFC-9190
| This won't be implemented.
|-
|-
| [https://datatracker.ietf.org/doc/html/rfc3748 RFC-3748]
| [https://datatracker.ietf.org/doc/html/rfc1421 RFC-1421]
| Extensible Authentication Protocol (EAP)
| Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures
|
|  
|  
| Origins of PEM format.
|-
|-
| [https://datatracker.ietf.org/doc/html/rfc2716 RFC-2716]
| [https://datatracker.ietf.org/doc/html/html/draft-irtf-cfrg-aead-limits draft-irtf-cfrg-aead-limits]
| PPP EAP TLS Authentication Protocol
| Usage Limits on AEAD Algorithms
|  
|  
| Obsoleted by RFC-5216
| Hopefully answers the question of what limits to place on AEAD.
|}
|}

Latest revision as of 15:38, 12 June 2024

The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in RFC 6071.

Implementation status can be: implemented (yes, vX.X), planned (p), not implemented (-), will not be implemented (X) and work in progress (wip)

All the standards, including drafts can be found at IP Security Maintenance and Extensions

IKEv2 RFC 7296

Standard Description Status Comments
RFC 9478 Labeled IPsec Traffic Selector support for IKEv2 v4.4
RFC 9464 Configuration for Encrypted DNS
RFC 9370 Intermediate Exchange in the IKEv2 Protocol aka IKE_INTERMEDIATE + IKE_FOLLOWUP_KE
RFC 9347 Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS) p
RFC 9242 Intermediate Exchange in the IKEv2 Protocol v aka IKE_INTERMEDIATE
RFC 8784 Postquantum Preshared Keys for IKEv2 v3.25
RFC 8420 Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2) wip Code is available in a branch, but requires NSS patches - waiting on NSS merge before merging into libreswan
RFC 8247 Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2) v
RFC 8229 TCP Encapsulation of IKE and IPsec Packets v4.0 IKE over TCP implemented and IKE over ESP supported on Linux 5.6+ kernels. Does not currently support IKE/ESP over TLS
RFC 8019 Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks -
RFC 7815 Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation X This is a really just a subset of IKEv2 RFC 7296
RFC 7670 Generic Raw Public-Key Support for IKEv2 p raw RSA public keys are supported using the core IKE RFCs
RFC 7651 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2) -
RFC 7634 ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec v3.26
RFC 7619 The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2) v
RFC 7427 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) v a.k.a. DIGSIG
Implementation supports RSS-PSS (v3.26) and ECDSA(v3.26) and RSA-v1.5 (v4.7)
RFC 7383 Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation v
RFC 7296 Internet Key Exchange Protocol Version 2 (IKEv2) v Obsoletes RFC 5996 and RFC 4718
RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) N/A This work is or needs to be done inside the nss library
RFC 6954 Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2) -
RFC 6932 Brainpool Elliptic Curves for the IKE Group Description Registry -
RFC 6867 An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP) -
RFC 6631 Password Authenticated Connection Establishment with IKEv2 -
RFC 6628 Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2 -
RFC 6617 Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE) -
RFC 6467 Secure Password Framework for IKEv2 -
RFC 6311 Protocol Support for High Availability of IKEv2/IPsec -
RFC 6290 A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE) p
RFC 6027 IPsec Cluster Problem Statement N/A
RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA) -
RFC 5998 An Extension for EAP-only Authentication in IKEv2 wip
RFC 5930 Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol v
RFC 5903 ECP Groups for IKE and IKEv2 v
RFC 5857 IKEv2 Extensions to Support Robust Header Compression over IPsec -
RFC 5739 IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2) -
RFC 5723 Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption wip
RFC 5685 Redirect Mechanism for IKEv2 v3.28
RFC 5282 Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol v Only AES_GCM is implemented. AES_CCM requires support in the nss library
RFC 5026 Mobile IPv6 Bootstrapping in Split Scenario -
RFC 4806 Online Certificate Status Protocol (OCSP) Extensions to IKEv2 - Regular OCSP fetching outside of IKE is supported.
RFC 4754 IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) p Needs to be interop tested with Microsoft, see https://github.com/libreswan/libreswan/issues/659
RFC 4739 Multiple Authentication Exchanges in the IKEv2 Protocol p
RFC 4621 Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol N/A
RFC 4615 The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE p CMAC is supoorted as INTEG (for ESP/IKE) but not as PRF(for IKE) - this is pending support in the NSS library.
RFC 4595 Use of IKEv2 in the Fibre Channel Security Association Management Protocol -
RFC 4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE) v "Additional Addresses" not supported
RFC 4478 Repeated Authentication in Internet Key Exchange (IKEv2) Protocol p
RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) v Obsoleted by RFC 8247
draft-brunner-ikev2-mediation IKEv2 Mediation Extension -
draft-laganier-ike-ipv6-cga Using IKE with IPv6 Cryptographically Generated Addresses -
draft-ietf-ipsecme-split-dns Split DNS Configuration for IKEv2 p INTERNAL_DOMAIN implemented, INTERNAL_TA_DNSSEC not yet implemented
draft-ietf-ipsecme-ikev2-auth-announce Announcing Supported Authentication Methods in IKEv2 Internet-Draft
draft-pwouters-ipsecme-multi-sa-performance IKEv2 support for per-queue Child SAs Internet-Draft
draft-smyslov-ipsecme-ikev2-qr-alt Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security Internet-Draft
draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt IKEv2 Optional SA&TS Payloads in Child Exchange Internet-Draft

IKEv1

Standard Description Status Comments
RFC 4304 Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
RFC 3947 Negotiation of NAT-Traversal in the IKE v known as "NATT" or "ESPinUDP"
RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers v known as "DPD"; IKEv2's equivalent is "liveness"
RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups v
RFC 2409 Internet Key Exchange (IKE) v Revised Mode not implemented
RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP) v
RFC 2407 IPsec Domain of Interpretation for ISAKMP (IPsec DoI) v
draft-dukes-ike-mode-cfg The ISAKMP Configuration Method v
draft-ietf-ipsec-isakmp-xauth Extended Authentication within ISAKMP/Oakley (XAUTH) v
draft-jenkins-ipsec-rekeying IPsec Re-keying Issues v Implementation differs on some point but accomplishes the same
draft-ietf-ipsec-isakmp-hybrid-auth A Hybrid Authentication Mode for IKE X

IPsec

Standard Description Status Comments
RFC 4302 IP Authentication Header (AH) v Obsoletes: 2402
RFC 4303 IP Encapsulating Security Payload (ESP) v Obsoletes: 2406
RFC 8750 Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP) -
RFC 8221 Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH) v Obsoletes RFC 7321
RFC 7321 Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH) v Obsoleted by RFC 8221
RFC 7018 Auto-Discovery VPN Problem Statement and Requirements N/A
RFC 6479 IPsec Anti-Replay Algorithm without Bit Shifting ?
RFC 6379 Suite B Cryptographic Suites for IPsec v Not all ciphers are implemented
RFC 6380 Suite B Profile for Internet Protocol Security (IPsec) v
RFC 5879 Heuristics for Detecting ESP-NULL Packets N/A
RFC 5840 Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility X
RFC 5660 IPsec Channels: Connection Latching X
RFC 5529 Modes of Operation for Camellia for Use with IPsec v
RFC 5114 Additional Diffie-Hellman Groups for Use with IETF Standards v Only DH22,23,24 - remainder planned
RFC 4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec v
RFC 4543 The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH X Kernel support is availble, ike support is not
RFC 4494 The AES-CMAC-96 Algorithm and Its Use with IPsec X
RFC 4309 Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP v
RFC 4308 Cryptographic Suites for IPsec
RFC 4304 Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP v
RFC 4303 IP Encapsulating Security Payload (ESP) v Obsoletes: 2406
RFC 4302 IP Authentication Header (AH) v Obsoletes: 2402
RFC 4301 Security Architecture for the Internet Protocol v
RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec ESP v
RFC 3948 UDP Encapsulation of IPsec ESP Packets v
RFC 3686 Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) v
RFC 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec v
RFC 2451 The ESP CBC-Mode Cipher Algorithms v
RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec v
draft-antony-ipsecme-oppo-nat NAT-Traversal support for Opportunistic IPsec v Experimental
draft-nikander-esp-beet-mode A Bound End-to-End Tunnel (BEET) mode for ESP X Never ratified, but it is the scenario where a Linux kernel state's selector does not match the state's src/dst address.

EAP

Standard Description Status Comments
RFC-9190 EAP-TLS 1.3: Using the Extensible Authentication Protocol with TLS 1.3 v4.7
RFC-5998 An Extension for EAP-Only Authentication in IKEv2 v4.7?
RFC-5216 The EAP-TLS Authentication Protocol Updated by RFC-9190
RFC-3748 Extensible Authentication Protocol (EAP)
RFC-2716 PPP EAP TLS Authentication Protocol Obsoleted by RFC-5216

PF KEY V2

  • most BSD derived systems implement a flavour of PF KEY v2 using the KAME code base as a starting point
  • even Linux, which implements XFRM, has borrowed concepts from PF KEY v2
Standard Description Status Comments
RFC-2367 PF_KEY Key Management API, Version 2 v4.7 SADB messages to set up kernel state on BSD machines
draft-schilcher-mobike-pfkey-extension-01 MOBIKE Extensions for PF_KEY v4.7 also defines KAME's SPD extensions to set up kernel policy on BSD machine
PF_KEY Extensions for IPsec Policy Management in KAME Stack Post to KAME mailing list about PF KEY Some background


Cryptography: AEAD, Public Keys (formats, standards, DNS records) ...

Standard Description Status Comments
RFC-8813 Clarifications for Elliptic Curve Cryptography Subject Public Key Information
RFC-7468 Textual Encodings of PKIX, PKCS, and CMS Structures v ipsec showhostkey --pem: outputs 13. Textual Encoding of Subject Public Key Info
RFC-6605 Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC "ipsec --ipseckey" and "ipseckey --{left,right}" both dump ECDSA keys using the format described in 4. DNSKEY and RRSIG Resource Records for ECDSA
RFC-5280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile See 4.1.2.7. Subject Public Key Info
RFC-4648 The Base16, Base32, and Base64 Data Encodings v see datatot()
RFC-4034 Resource Records for the DNS Security Extensions
RFC-4025 A Method for Storing IPsec Keying Material in DNS v ipsec showhostkey --ipseckey: outputs the text for an IPSECKEY RR record
Algorithm 1, DSA: 2. DSA KEY Resource Records
Algorithm 2, RSA: RFC-3110 2. RSA Public KEY Resource Records
Algorithm 3, ECDSA: RFC-6605 4. DNSKEY and RRSIG Resource Records for ECDSA
Algorithm 4 will probably use RFC-5280 4.1.2.7. Subject Public Key Info
RFC-3110 RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS) v "ipsec --ipseckey" and "ipseckey --{left,right}" dump RSA keys using the format described in 2. RSA Public KEY Resource Records.
RFC-2536 DSA KEYs and SIGs in the Domain Name System (DNS) This won't be implemented.
RFC-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures Origins of PEM format.
draft-irtf-cfrg-aead-limits Usage Limits on AEAD Algorithms Hopefully answers the question of what limits to place on AEAD.