Implemented Standards

From Libreswan
Revision as of 22:27, 17 June 2016 by Paul Wouters (talk | contribs)
Jump to navigation Jump to search

The following table lists the RFCs, drafts and standards related to IKE and IPsec. An overview of IKE and IPsec related RFC's is available in RFC 6071 |

Implementation status can be: implemented (v), planned (p), not implemented (-) or will not be implemented (X)

Status Standard Description Comments
IKEv1
v RFC 2407 IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
v RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
v RFC 2409 Internet Key Exchange (IKE) Revised Mode not implemented
v RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups
v RFC 3706 A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers known as "DPD"
v RFC 3947 Negotiation of NAT-Traversal in the IKE known as "NATT" or "ESPinUDP"
v draft-dukes-ike-mode-cfg The ISAKMP Configuration Method
v draft-ietf-ipsec-isakmp-xauth Extended Authentication within ISAKMP/Oakley (XAUTH)
v draft-jenkins-ipsec-rekeying IPsec Re-keying Issues Implementation differs on some point but accomplishes the same
X draft-ietf-ipsec-isakmp-hybrid-auth A Hybrid Authentication Mode for IKE
IKEv2
v RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
v RFC 7296 Internet Key Exchange Protocol Version 2 (IKEv2) Obsoletes RFC 5996 and RFC 4718
X RFC 7815 Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation This is a really just a subset of IKEv2 RFC 7296
p RFC 4478 Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
p RFC 4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE)
- RFC 4595 Use of IKEv2 in the Fibre Channel Security Association Management Protocol
- RFC 6515 The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
p RFC 4621 Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
p RFC 4739 Multiple Authentication Exchanges in the IKEv2 Protocol
p RFC 4754 IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
- RFC 4806 Online Certificate Status Protocol (OCSP) Extensions to IKEv2 Regular OCSP fetching outside of IKE is supported.
- RFC 5026 Mobile IPv6 Bootstrapping in Split Scenario
v RFC 5282 Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol Only AES_GCM is implemented. AES_CCM requires support in the nss library
- RFC 5685 Redirect Mechanism for IKEv2
- RFC 5857 IKEv2 Extensions to Support Robust Header Compression over IPsec
p RFC 5723 Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
- RFC 5739 IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 5903 ECP Groups for IKE and IKEv2
v RFC 5930 Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
- RFC 5998 An Extension for EAP-only Authentication in IKEv2
- RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
N/A RFC 6027 IPsec Cluster Problem Statement
- RFC 6290 A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
- RFC 6311 Protocol Support for High Availability of IKEv2/IPsec
- RFC 6467 Secure Password Framework for IKEv2
- RFC 6617 Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
- RFC 6628 Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
- RFC 6631 Password Authenticated Connection Establishment with IKEv2
- RFC 6867 An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
- RFC 6932 Brainpool Elliptic Curves for the IKE Group Description Registry
- RFC 6954 Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2) This work is or needs to be done inside the nss library
v RFC 7383 Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
p RFC 7427 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
v RFC 7619 The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 7634 ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
- RFC 7651 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
p RFC 7670 Generic Raw Public-Key Support for IKEv2 raw RSA public keys are supported using the core IKE RFCs
- draft-brunner-ikev2-mediation IKEv2 Mediation Extension
- [1] Using IKE with IPv6 Cryptographically Generated Addresses