Implemented Standards: Difference between revisions

From Libreswan
Jump to navigation Jump to search
No edit summary
No edit summary
Line 261: Line 261:
|-
|-
| -
| -
| [https://tools.ietf.org/html/draft-laganier-ike-ipv6-cga]
| [https://tools.ietf.org/html/draft-laganier-ike-ipv6-cga draft-laganier-ike-ipv6-cga]
|  Using IKE with IPv6 Cryptographically Generated Addresses
|  Using IKE with IPv6 Cryptographically Generated Addresses
|
|
|-
|-
 
| colspan="4"| IPsec
 
|-
 
| v
 
| [https://tools.ietf.org/html/rfc4301 RFC 4301 ]
 
| Security Architecture for the Internet Protocol
 
|
 
|v
| [https://tools.ietf.org/html/rfc4302 RFC 4302 ]
| IP Authentication Header (AH)
|
|v
| [https://tools.ietf.org/html/rfc4303 RFC 4303 ]
| IP Encapsulating Security Payload (ESP)
|
|v
| [https://tools.ietf.org/html/rfc4308 RFC 4308 ]
| Cryptographic Suites for IPsec
|
|-
| [https://tools.ietf.org/html/rfc7321 RFC 7321 ]
| Cryptographic Algorithm Implementation Requirements and Usage Guidance for ESP and AH Extensions
|
|-
| [https://tools.ietf.org/html/rfc2410 RFC 2410 ]
| The NULL Encryption Algorithm and Its Use With IPsec
|
|-
| [https://tools.ietf.org/html/rfc2451 RFC 2451 ]
| The ESP CBC-Mode Cipher Algorithms
|
|-
| [https://tools.ietf.org/html/rfc3602 RFC 3602 ]
| The AES-CBC Cipher Algorithm and Its Use with IPsec
|
|-
| [https://tools.ietf.org/html/rfc3948 RFC 3948 ]
| UDP Encapsulation of IPsec ESP Packets
|
|-
| [https://tools.ietf.org/html/rfc3686 RFC 3686 ]
| Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
|
|-
| [https://tools.ietf.org/html/rfc4106 RFC 4106 ]
| The Use of Galois/Counter Mode (GCM) in IPsec ESP
|
|-
| [https://tools.ietf.org/html/rfc4304 RFC 4304 ]
| Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
|
|-
| [https://tools.ietf.org/html/rfc4309 RFC 4309 ]
| Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
|
|-
| [https://tools.ietf.org/html/rfc4494 RFC 4494 ]
| The AES-CMAC-96 Algorithm and Its Use with IPsec
|
|-
| [https://tools.ietf.org/html/rfc4543 RFC 4543 ]
| The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
|
|-
| [https://tools.ietf.org/html/rfc4868 RFC 4868 ]
| Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
|
|-
| [https://tools.ietf.org/html/rfc5114 RFC 5114 ]
| Additional Diffie-Hellman Groups for Use with IETF Standards
|
|-
| [https://tools.ietf.org/html/rfc5529 RFC 5529 ]
| Modes of Operation for Camellia for Use with IPsec
|
|-
| [https://tools.ietf.org/html/rfc5660 RFC 5660 ]
| IPsec Channels: Connection Latching
|
|-
| [https://tools.ietf.org/html/rfc5879 RFC 5879 ]
| Heuristics for Detecting ESP-NULL Packets
|
|-
| [https://tools.ietf.org/html/rfc5840 RFC 5840 ]
| Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
|
|-
| [https://tools.ietf.org/html/rfc6379 RFC 6379 ]
| Suite B Cryptographic Suites for IPsec
|
|-
| [https://tools.ietf.org/html/rfc6380 RFC 6380 ]
| Suite B Profile for Internet Protocol Security (IPsec)
|
|-
| [https://tools.ietf.org/html/rfc6479 RFC 6479 ]
| IPsec Anti-Replay Algorithm without Bit Shifting
|
|-
| [https://tools.ietf.org/html/rfc7018 RFC 7018 ]
| Auto-Discovery VPN Problem Statement and Requirements
|
|-
|}
|}

Revision as of 22:42, 17 June 2016

The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in RFC 6071 |

Implementation status can be: implemented (v), planned (p), not implemented (-) or will not be implemented (X)

Status Standard Description Comments
IKEv1
v RFC 2407 IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
v RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
v RFC 2409 Internet Key Exchange (IKE) Revised Mode not implemented
v RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups
v RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers known as "DPD"
v RFC 3947 Negotiation of NAT-Traversal in the IKE known as "NATT" or "ESPinUDP"
v draft-dukes-ike-mode-cfg The ISAKMP Configuration Method
v draft-ietf-ipsec-isakmp-xauth Extended Authentication within ISAKMP/Oakley (XAUTH)
v draft-jenkins-ipsec-rekeying IPsec Re-keying Issues Implementation differs on some point but accomplishes the same
X draft-ietf-ipsec-isakmp-hybrid-auth A Hybrid Authentication Mode for IKE
IKEv2
v RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
v RFC 7296 Internet Key Exchange Protocol Version 2 (IKEv2) Obsoletes RFC 5996 and RFC 4718
X RFC 7815 Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation This is a really just a subset of IKEv2 RFC 7296
p RFC 4478 Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
p RFC 4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE)
- RFC 4595 Use of IKEv2 in the Fibre Channel Security Association Management Protocol
- RFC 6515 The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
p RFC 4621 Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
p RFC 4739 Multiple Authentication Exchanges in the IKEv2 Protocol
p RFC 4754 IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
- RFC 4806 Online Certificate Status Protocol (OCSP) Extensions to IKEv2 Regular OCSP fetching outside of IKE is supported.
- RFC 5026 Mobile IPv6 Bootstrapping in Split Scenario
v RFC 5282 Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol Only AES_GCM is implemented. AES_CCM requires support in the nss library
- RFC 5685 Redirect Mechanism for IKEv2
- RFC 5857 IKEv2 Extensions to Support Robust Header Compression over IPsec
p RFC 5723 Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
- RFC 5739 IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 5903 ECP Groups for IKE and IKEv2
v RFC 5930 Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
- RFC 5998 An Extension for EAP-only Authentication in IKEv2
- RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
N/A RFC 6027 IPsec Cluster Problem Statement
- RFC 6290 A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
- RFC 6311 Protocol Support for High Availability of IKEv2/IPsec
- RFC 6467 Secure Password Framework for IKEv2
- RFC 6617 Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
- RFC 6628 Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
- RFC 6631 Password Authenticated Connection Establishment with IKEv2
- RFC 6867 An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
- RFC 6932 Brainpool Elliptic Curves for the IKE Group Description Registry
- RFC 6954 Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
- RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) This work is or needs to be done inside the nss library
v RFC 7383 Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
p RFC 7427 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
v RFC 7619 The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 7634 ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
- RFC 7651 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 7670 Generic Raw Public-Key Support for IKEv2 raw RSA public keys are supported using the core IKE RFCs
- draft-brunner-ikev2-mediation IKEv2 Mediation Extension
- draft-laganier-ike-ipv6-cga Using IKE with IPv6 Cryptographically Generated Addresses
IPsec
v RFC 4301 Security Architecture for the Internet Protocol v RFC 4302 IP Authentication Header (AH) v RFC 4303 IP Encapsulating Security Payload (ESP) v RFC 4308 Cryptographic Suites for IPsec
RFC 7321 Cryptographic Algorithm Implementation Requirements and Usage Guidance for ESP and AH Extensions
RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec
RFC 2451 The ESP CBC-Mode Cipher Algorithms
RFC 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948 UDP Encapsulation of IPsec ESP Packets
RFC 3686 Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec ESP
RFC 4304 Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
RFC 4309 Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
RFC 4494 The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC 4543 The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC 5114 Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5529 Modes of Operation for Camellia for Use with IPsec
RFC 5660 IPsec Channels: Connection Latching
RFC 5879 Heuristics for Detecting ESP-NULL Packets
RFC 5840 Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
RFC 6379 Suite B Cryptographic Suites for IPsec
RFC 6380 Suite B Profile for Internet Protocol Security (IPsec)
RFC 6479 IPsec Anti-Replay Algorithm without Bit Shifting
RFC 7018 Auto-Discovery VPN Problem Statement and Requirements
Retrieved from "https://libreswan.org/wiki/index.php?title=Implemented_Standards&oldid=20763"