Standard
|
Description
|
Status
|
Comments
|
RFC 4307
|
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
|
v
|
Obsoleted by RFC 8247
|
RFC 7296
|
Internet Key Exchange Protocol Version 2 (IKEv2)
|
v
|
Obsoletes RFC 5996 and RFC 4718
|
RFC 7815
|
Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation
|
X
|
This is a really just a subset of IKEv2 RFC 7296
|
RFC 4478
|
Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
|
p
|
|
RFC 4555
|
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
|
v
|
"Additional Addresses" not supported
|
RFC 4595
|
Use of IKEv2 in the Fibre Channel Security Association Management Protocol
|
-
|
|
RFC 4615
|
The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
|
p
|
CMAC is supoorted as INTEG (for ESP/IKE) but not as PRF(for IKE) - this is pending support in the NSS library.
|
RFC 4621
|
Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
|
N/A
|
|
RFC 4739
|
Multiple Authentication Exchanges in the IKEv2 Protocol
|
p
|
|
RFC 4754
|
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
|
v3.26
|
|
RFC 4806
|
Online Certificate Status Protocol (OCSP) Extensions to IKEv2
|
-
|
Regular OCSP fetching outside of IKE is supported.
|
RFC 5026
|
Mobile IPv6 Bootstrapping in Split Scenario
|
-
|
|
RFC 5282
|
Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
|
v
|
Only AES_GCM is implemented. AES_CCM requires support in the nss library
|
RFC 5685
|
Redirect Mechanism for IKEv2
|
v3.28
|
|
RFC 5857
|
IKEv2 Extensions to Support Robust Header Compression over IPsec
|
-
|
|
RFC 5723
|
Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
|
p
|
|
RFC 5739
|
IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
|
-
|
|
RFC 5903
|
ECP Groups for IKE and IKEv2
|
v
|
|
RFC 5930
|
Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
|
v
|
|
RFC 5998
|
An Extension for EAP-only Authentication in IKEv2
|
-
|
|
RFC 6023
|
A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
|
-
|
|
RFC 6027
|
IPsec Cluster Problem Statement
|
N/A
|
|
RFC 6290
|
A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
|
-
|
|
RFC 6311
|
Protocol Support for High Availability of IKEv2/IPsec
|
-
|
|
RFC 6467
|
Secure Password Framework for IKEv2
|
-
|
|
RFC 6617
|
Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
|
-
|
|
RFC 6628
|
Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
|
-
|
|
RFC 6631
|
Password Authenticated Connection Establishment with IKEv2
|
-
|
|
RFC 6867
|
An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
|
-
|
|
RFC 6932
|
Brainpool Elliptic Curves for the IKE Group Description Registry
|
-
|
|
RFC 6954
|
Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
|
-
|
|
RFC 6989
|
Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
|
N/A
|
This work is or needs to be done inside the nss library
|
RFC 7383
|
Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
|
v
|
|
RFC 7427
|
Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
|
v
|
Initial implementation only supports RSA-v1.5. More planned in near future
|
RFC 7619
|
The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
|
v
|
|
RFC 7634
|
ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
|
v3.26
|
|
RFC 7651
|
3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
|
-
|
|
RFC 7670
|
Generic Raw Public-Key Support for IKEv2
|
p
|
raw RSA public keys are supported using the core IKE RFCs
|
RFC 8019
|
Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
|
-
|
|
RFC 8247
|
Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
|
v
|
|
RFC 8229
|
TCP Encapsulation of IKE and IPsec Packets
|
v
|
IKE over TCP implemented - waiting on Linux kernel for ESP over TCP implementation. Does not currently support IKE/ESP over TLS
|
RFC 8784
|
Postquantum Preshared Keys for IKEv2
|
v3.25
|
|
draft-brunner-ikev2-mediation
|
IKEv2 Mediation Extension
|
-
|
|
draft-laganier-ike-ipv6-cga
|
Using IKE with IPv6 Cryptographically Generated Addresses
|
-
|
|
draft-ietf-ipsecme-split-dns
|
Split DNS Configuration for IKEv2
|
p
|
INTERNAL_DOMAIN implemented, INTERNAL_TA_DNSSEC not yet implemented
|
draft-ietf-ipsecme-ikev2-intermediate
|
Intermediate Exchange in the IKEv2 Protocol
|
v
|
Experimental
|
draft-ietf-ipsecme-labeled-ipsec
|
Labeled IPsec Traffic Selector support for IKEv2
|
v4.4
|
Internet-Draft
|