aboutsummaryrefslogtreecommitdiffstats
path: root/doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt')
-rw-r--r--doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt1795
1 files changed, 0 insertions, 1795 deletions
diff --git a/doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt b/doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt
deleted file mode 100644
index 7b2f87c85..000000000
--- a/doc/ikev2/[RFC2407] - The Internet IP Security Domain of Interpretation for ISAKMP.txt
+++ /dev/null
@@ -1,1795 +0,0 @@
-
-
-
-
-
-
-Network Working Group D. Piper
-Request for Comments: 2407 Network Alchemy
-Category: Standards Track November 1998
-
-
- The Internet IP Security Domain of Interpretation for ISAKMP
-
-Status of this Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (1998). All Rights Reserved.
-
-IESG Note
-
- Section 4.4.4.2 states, "All implememtations within the IPSEC DOI
- MUST support ESP_DES...". Recent work in the area of cryptanalysis
- suggests that DES may not be sufficiently strong for many
- applications. Therefore, it is very likely that the IETF will
- deprecate the use of ESP_DES as a mandatory cipher suite in the near
- future. It will remain as an optional use protocol. Although the
- IPsec working group and the IETF in general have not settled on an
- alternative algorithm (taking into account concerns of security and
- performance), implementers may want to heed the recommendations of
- section 4.4.4.3 on the use of ESP_3DES.
-
-1. Abstract
-
- The Internet Security Association and Key Management Protocol
- (ISAKMP) defines a framework for security association management and
- cryptographic key establishment for the Internet. This framework
- consists of defined exchanges, payloads, and processing guidelines
- that occur within a given Domain of Interpretation (DOI). This
- document defines the Internet IP Security DOI (IPSEC DOI), which
- instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate
- security associations.
-
- For a list of changes since the previous version of the IPSEC DOI,
- please see Section 7.
-
-
-
-
-
-
-Piper Standards Track [Page 1]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-2. Introduction
-
- Within ISAKMP, a Domain of Interpretation is used to group related
- protocols using ISAKMP to negotiate security associations. Security
- protocols sharing a DOI choose security protocol and cryptographic
- transforms from a common namespace and share key exchange protocol
- identifiers. They also share a common interpretation of DOI-specific
- payload data content, including the Security Association and
- Identification payloads.
-
- Overall, ISAKMP places the following requirements on a DOI
- definition:
-
- o define the naming scheme for DOI-specific protocol identifiers
- o define the interpretation for the Situation field
- o define the set of applicable security policies
- o define the syntax for DOI-specific SA Attributes (Phase II)
- o define the syntax for DOI-specific payload contents
- o define additional Key Exchange types, if needed
- o define additional Notification Message types, if needed
-
- The remainder of this document details the instantiation of these
- requirements for using the IP Security (IPSEC) protocols to provide
- authentication, integrity, and/or confidentiality for IP packets sent
- between cooperating host systems and/or firewalls.
-
- For a description of the overall IPSEC architecture, see [ARCH],
- [AH], and [ESP].
-
-3. Terms and Definitions
-
- The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
- SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
- document, are to be interpreted as described in [RFC 2119].
-
-4.1 IPSEC Naming Scheme
-
- Within ISAKMP, all DOI's must be registered with the IANA in the
- "Assigned Numbers" RFC [STD-2]. The IANA Assigned Number for the
- Internet IP Security DOI (IPSEC DOI) is one (1). Within the IPSEC
- DOI, all well-known identifiers MUST be registered with the IANA
- under the IPSEC DOI. Unless otherwise noted, all tables within this
- document refer to IANA Assigned Numbers for the IPSEC DOI. See
- Section 6 for further information relating to the IANA registry for
- the IPSEC DOI.
-
- All multi-octet binary values are stored in network byte order.
-
-
-
-
-Piper Standards Track [Page 2]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.2 IPSEC Situation Definition
-
- Within ISAKMP, the Situation provides information that can be used by
- the responder to make a policy determination about how to process the
- incoming Security Association request. For the IPSEC DOI, the
- Situation field is a four (4) octet bitmask with the following
- values.
-
- Situation Value
- --------- -----
- SIT_IDENTITY_ONLY 0x01
- SIT_SECRECY 0x02
- SIT_INTEGRITY 0x04
-
-4.2.1 SIT_IDENTITY_ONLY
-
- The SIT_IDENTITY_ONLY type specifies that the security association
- will be identified by source identity information present in an
- associated Identification Payload. See Section 4.6.2 for a complete
- description of the various Identification types. All IPSEC DOI
- implementations MUST support SIT_IDENTITY_ONLY by including an
- Identification Payload in at least one of the Phase I Oakley
- exchanges ([IKE], Section 5) and MUST abort any association setup
- that does not include an Identification Payload.
-
- If an initiator supports neither SIT_SECRECY nor SIT_INTEGRITY, the
- situation consists only of the 4 octet situation bitmap and does not
- include the Labeled Domain Identifier field (Figure 1, Section 4.6.1)
- or any subsequent label information. Conversely, if the initiator
- supports either SIT_SECRECY or SIT_INTEGRITY, the Labeled Domain
- Identifier MUST be included in the situation payload.
-
-4.2.2 SIT_SECRECY
-
- The SIT_SECRECY type specifies that the security association is being
- negotiated in an environment that requires labeled secrecy. If
- SIT_SECRECY is present in the Situation bitmap, the Situation field
- will be followed by variable-length data that includes a sensitivity
- level and compartment bitmask. See Section 4.6.1 for a complete
- description of the Security Association Payload format.
-
- If an initiator does not support SIT_SECRECY, SIT_SECRECY MUST NOT be
- set in the Situation bitmap and no secrecy level or category bitmaps
- shall be included.
-
- If a responder does not support SIT_SECRECY, a SITUATION-NOT-
- SUPPORTED Notification Payload SHOULD be returned and the security
- association setup MUST be aborted.
-
-
-
-Piper Standards Track [Page 3]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.2.3 SIT_INTEGRITY
-
- The SIT_INTEGRITY type specifies that the security association is
- being negotiated in an environment that requires labeled integrity.
- If SIT_INTEGRITY is present in the Situation bitmap, the Situation
- field will be followed by variable-length data that includes an
- integrity level and compartment bitmask. If SIT_SECRECY is also in
- use for the association, the integrity information immediately
- follows the variable-length secrecy level and categories. See
- section 4.6.1 for a complete description of the Security Association
- Payload format.
-
- If an initiator does not support SIT_INTEGRITY, SIT_INTEGRITY MUST
- NOT be set in the Situation bitmap and no integrity level or category
- bitmaps shall be included.
-
- If a responder does not support SIT_INTEGRITY, a SITUATION-NOT-
- SUPPORTED Notification Payload SHOULD be returned and the security
- association setup MUST be aborted.
-
-4.3 IPSEC Security Policy Requirements
-
- The IPSEC DOI does not impose specific security policy requirements
- on any implementation. Host system policy issues are outside of the
- scope of this document.
-
- However, the following sections touch on some of the issues that must
- be considered when designing an IPSEC DOI host implementation. This
- section should be considered only informational in nature.
-
-4.3.1 Key Management Issues
-
- It is expected that many systems choosing to implement ISAKMP will
- strive to provide a protected domain of execution for a combined IKE
- key management daemon. On protected-mode multiuser operating
- systems, this key management daemon will likely exist as a separate
- privileged process.
-
- In such an environment, a formalized API to introduce keying material
- into the TCP/IP kernel may be desirable. The IP Security
- architecture does not place any requirements for structure or flow
- between a host TCP/IP kernel and its key management provider.
-
-
-
-
-
-
-
-
-
-Piper Standards Track [Page 4]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.3.2 Static Keying Issues
-
- Host systems that implement static keys, either for use directly by
- IPSEC, or for authentication purposes (see [IKE] Section 5.4), should
- take steps to protect the static keying material when it is not
- residing in a protected memory domain or actively in use by the
- TCP/IP kernel.
-
- For example, on a laptop, one might choose to store the static keys
- in a configuration store that is, itself, encrypted under a private
- password.
-
- Depending on the operating system and utility software installed, it
- may not be possible to protect the static keys once they've been
- loaded into the TCP/IP kernel, however they should not be trivially
- recoverable on initial system startup without having to satisfy some
- additional form of authentication.
-
-4.3.3 Host Policy Issues
-
- It is not realistic to assume that the transition to IPSEC will occur
- overnight. Host systems must be prepared to implement flexible
- policy lists that describe which systems they desire to speak
- securely with and which systems they require speak securely to them.
- Some notion of proxy firewall addresses may also be required.
-
- A minimal approach is probably a static list of IP addresses, network
- masks, and a security required flag or flags.
-
- A more flexible implementation might consist of a list of wildcard
- DNS names (e.g. '*.foo.bar'), an in/out bitmask, and an optional
- firewall address. The wildcard DNS name would be used to match
- incoming or outgoing IP addresses, the in/out bitmask would be used
- to determine whether or not security was to be applied and in which
- direction, and the optional firewall address would be used to
- indicate whether or not tunnel mode would be needed to talk to the
- target system though an intermediate firewall.
-
-4.3.4 Certificate Management
-
- Host systems implementing a certificate-based authentication scheme
- will need a mechanism for obtaining and managing a database of
- certificates.
-
- Secure DNS is to be one certificate distribution mechanism, however
- the pervasive availability of secure DNS zones, in the short term, is
- doubtful for many reasons. What's far more likely is that hosts will
-
-
-
-
-Piper Standards Track [Page 5]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- need an ability to import certificates that they acquire through
- secure, out-of-band mechanisms, as well as an ability to export their
- own certificates for use by other systems.
-
- However, manual certificate management should not be done so as to
- preclude the ability to introduce dynamic certificate discovery
- mechanisms and/or protocols as they become available.
-
-4.4 IPSEC Assigned Numbers
-
- The following sections list the Assigned Numbers for the IPSEC DOI:
- Situation Identifiers, Protocol Identifiers, Transform Identifiers,
- AH, ESP, and IPCOMP Transform Identifiers, Security Association
- Attribute Type Values, Labeled Domain Identifiers, ID Payload Type
- Values, and Notify Message Type Values.
-
-4.4.1 IPSEC Security Protocol Identifier
-
- The ISAKMP proposal syntax was specifically designed to allow for the
- simultaneous negotiation of multiple Phase II security protocol
- suites within a single negotiation. As a result, the protocol suites
- listed below form the set of protocols that can be negotiated at the
- same time. It is a host policy decision as to what protocol suites
- might be negotiated together.
-
- The following table lists the values for the Security Protocol
- Identifiers referenced in an ISAKMP Proposal Payload for the IPSEC
- DOI.
-
- Protocol ID Value
- ----------- -----
- RESERVED 0
- PROTO_ISAKMP 1
- PROTO_IPSEC_AH 2
- PROTO_IPSEC_ESP 3
- PROTO_IPCOMP 4
-
-4.4.1.1 PROTO_ISAKMP
-
- The PROTO_ISAKMP type specifies message protection required during
- Phase I of the ISAKMP protocol. The specific protection mechanism
- used for the IPSEC DOI is described in [IKE]. All implementations
- within the IPSEC DOI MUST support PROTO_ISAKMP.
-
- NB: ISAKMP reserves the value one (1) across all DOI definitions.
-
-
-
-
-
-
-Piper Standards Track [Page 6]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.4.1.2 PROTO_IPSEC_AH
-
- The PROTO_IPSEC_AH type specifies IP packet authentication. The
- default AH transform provides data origin authentication, integrity
- protection, and replay detection. For export control considerations,
- confidentiality MUST NOT be provided by any PROTO_IPSEC_AH transform.
-
-4.4.1.3 PROTO_IPSEC_ESP
-
- The PROTO_IPSEC_ESP type specifies IP packet confidentiality.
- Authentication, if required, must be provided as part of the ESP
- transform. The default ESP transform includes data origin
- authentication, integrity protection, replay detection, and
- confidentiality.
-
-4.4.1.4 PROTO_IPCOMP
-
- The PROTO_IPCOMP type specifies IP payload compression as defined in
- [IPCOMP].
-
-4.4.2 IPSEC ISAKMP Transform Identifiers
-
- As part of an ISAKMP Phase I negotiation, the initiator's choice of
- Key Exchange offerings is made using some host system policy
- description. The actual selection of Key Exchange mechanism is made
- using the standard ISAKMP Proposal Payload. The following table
- lists the defined ISAKMP Phase I Transform Identifiers for the
- Proposal Payload for the IPSEC DOI.
-
- Transform Value
- --------- -----
- RESERVED 0
- KEY_IKE 1
-
- Within the ISAKMP and IPSEC DOI framework it is possible to define
- key establishment protocols other than IKE (Oakley). Previous
- versions of this document defined types both for manual keying and
- for schemes based on use of a generic Key Distribution Center (KDC).
- These identifiers have been removed from the current document.
-
- The IPSEC DOI can still be extended later to include values for
- additional non-Oakley key establishment protocols for ISAKMP and
- IPSEC, such as Kerberos [RFC-1510] or the Group Key Management
- Protocol (GKMP) [RFC-2093].
-
-
-
-
-
-
-
-Piper Standards Track [Page 7]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.4.2.1 KEY_IKE
-
- The KEY_IKE type specifies the hybrid ISAKMP/Oakley Diffie-Hellman
- key exchange (IKE) as defined in the [IKE] document. All
- implementations within the IPSEC DOI MUST support KEY_IKE.
-
-4.4.3 IPSEC AH Transform Identifiers
-
- The Authentication Header Protocol (AH) defines one mandatory and
- several optional transforms used to provide authentication,
- integrity, and replay detection. The following table lists the
- defined AH Transform Identifiers for the ISAKMP Proposal Payload for
- the IPSEC DOI.
-
- Note: the Authentication Algorithm attribute MUST be specified to
- identify the appropriate AH protection suite. For example, AH_MD5
- can best be thought of as a generic AH transform using MD5. To
- request the HMAC construction with AH, one specifies the AH_MD5
- transform ID along with the Authentication Algorithm attribute set to
- HMAC-MD5. This is shown using the "Auth(HMAC-MD5)" notation in the
- following sections.
-
- Transform ID Value
- ------------ -----
- RESERVED 0-1
- AH_MD5 2
- AH_SHA 3
- AH_DES 4
-
- Note: all mandatory-to-implement algorithms are listed as "MUST"
- implement (e.g. AH_MD5) in the following sections. All other
- algorithms are optional and MAY be implemented in any particular
- implementation.
-
-4.4.3.1 AH_MD5
-
- The AH_MD5 type specifies a generic AH transform using MD5. The
- actual protection suite is determined in concert with an associated
- SA attribute list. A generic MD5 transform is currently undefined.
-
- All implementations within the IPSEC DOI MUST support AH_MD5 along
- with the Auth(HMAC-MD5) attribute. This suite is defined as the
- HMAC-MD5-96 transform described in [HMACMD5].
-
- The AH_MD5 type along with the Auth(KPDK) attribute specifies the AH
- transform (Key/Pad/Data/Key) described in RFC-1826.
-
-
-
-
-
-Piper Standards Track [Page 8]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Use of AH_MD5 with any other Authentication Algorithm attribute value
- is currently undefined.
-
-4.4.3.2 AH_SHA
-
- The AH_SHA type specifies a generic AH transform using SHA-1. The
- actual protection suite is determined in concert with an associated
- SA attribute list. A generic SHA transform is currently undefined.
-
- All implementations within the IPSEC DOI MUST support AH_SHA along
- with the Auth(HMAC-SHA) attribute. This suite is defined as the
- HMAC-SHA-1-96 transform described in [HMACSHA].
-
- Use of AH_SHA with any other Authentication Algorithm attribute value
- is currently undefined.
-
-4.4.3.3 AH_DES
-
- The AH_DES type specifies a generic AH transform using DES. The
- actual protection suite is determined in concert with an associated
- SA attribute list. A generic DES transform is currently undefined.
-
- The IPSEC DOI defines AH_DES along with the Auth(DES-MAC) attribute
- to be a DES-MAC transform. Implementations are not required to
- support this mode.
-
- Use of AH_DES with any other Authentication Algorithm attribute value
- is currently undefined.
-
-4.4.4 IPSEC ESP Transform Identifiers
-
- The Encapsulating Security Payload (ESP) defines one mandatory and
- many optional transforms used to provide data confidentiality. The
- following table lists the defined ESP Transform Identifiers for the
- ISAKMP Proposal Payload for the IPSEC DOI.
-
- Note: when authentication, integrity protection, and replay detection
- are required, the Authentication Algorithm attribute MUST be
- specified to identify the appropriate ESP protection suite. For
- example, to request HMAC-MD5 authentication with 3DES, one specifies
- the ESP_3DES transform ID with the Authentication Algorithm attribute
- set to HMAC-MD5. For additional processing requirements, see Section
- 4.5 (Authentication Algorithm).
-
-
-
-
-
-
-
-
-Piper Standards Track [Page 9]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Transform ID Value
- ------------ -----
- RESERVED 0
- ESP_DES_IV64 1
- ESP_DES 2
- ESP_3DES 3
- ESP_RC5 4
- ESP_IDEA 5
- ESP_CAST 6
- ESP_BLOWFISH 7
- ESP_3IDEA 8
- ESP_DES_IV32 9
- ESP_RC4 10
- ESP_NULL 11
-
- Note: all mandatory-to-implement algorithms are listed as "MUST"
- implement (e.g. ESP_DES) in the following sections. All other
- algorithms are optional and MAY be implemented in any particular
- implementation.
-
-4.4.4.1 ESP_DES_IV64
-
- The ESP_DES_IV64 type specifies the DES-CBC transform defined in
- RFC-1827 and RFC-1829 using a 64-bit IV.
-
-4.4.4.2 ESP_DES
-
- The ESP_DES type specifies a generic DES transform using DES-CBC.
- The actual protection suite is determined in concert with an
- associated SA attribute list. A generic transform is currently
- undefined.
-
- All implementations within the IPSEC DOI MUST support ESP_DES along
- with the Auth(HMAC-MD5) attribute. This suite is defined as the
- [DES] transform, with authentication and integrity provided by HMAC
- MD5 [HMACMD5].
-
-4.4.4.3 ESP_3DES
-
- The ESP_3DES type specifies a generic triple-DES transform. The
- actual protection suite is determined in concert with an associated
- SA attribute list. The generic transform is currently undefined.
-
- All implementations within the IPSEC DOI are strongly encouraged to
- support ESP_3DES along with the Auth(HMAC-MD5) attribute. This suite
- is defined as the [ESPCBC] transform, with authentication and
- integrity provided by HMAC MD5 [HMACMD5].
-
-
-
-
-Piper Standards Track [Page 10]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.4.4.4 ESP_RC5
-
- The ESP_RC5 type specifies the RC5 transform defined in [ESPCBC].
-
-4.4.4.5 ESP_IDEA
-
- The ESP_IDEA type specifies the IDEA transform defined in [ESPCBC].
-
-4.4.4.6 ESP_CAST
-
- The ESP_CAST type specifies the CAST transform defined in [ESPCBC].
-
-4.4.4.7 ESP_BLOWFISH
-
- The ESP_BLOWFISH type specifies the BLOWFISH transform defined in
- [ESPCBC].
-
-4.4.4.8 ESP_3IDEA
-
- The ESP_3IDEA type is reserved for triple-IDEA.
-
-4.4.4.9 ESP_DES_IV32
-
- The ESP_DES_IV32 type specifies the DES-CBC transform defined in
- RFC-1827 and RFC-1829 using a 32-bit IV.
-
-4.4.4.10 ESP_RC4
-
- The ESP_RC4 type is reserved for RC4.
-
-4.4.4.11 ESP_NULL
-
- The ESP_NULL type specifies no confidentiality is to be provided by
- ESP. ESP_NULL is used when ESP is being used to tunnel packets which
- require only authentication, integrity protection, and replay
- detection.
-
- All implementations within the IPSEC DOI MUST support ESP_NULL. The
- ESP NULL transform is defined in [ESPNULL]. See the Authentication
- Algorithm attribute description in Section 4.5 for additional
- requirements relating to the use of ESP_NULL.
-
-4.4.5 IPSEC IPCOMP Transform Identifiers
-
- The IP Compression (IPCOMP) transforms define optional compression
- algorithms that can be negotiated to provide for IP payload
- compression ([IPCOMP]). The following table lists the defined IPCOMP
- Transform Identifiers for the ISAKMP Proposal Payload within the
-
-
-
-Piper Standards Track [Page 11]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- IPSEC DOI.
-
- Transform ID Value
- ------------ -----
- RESERVED 0
- IPCOMP_OUI 1
- IPCOMP_DEFLATE 2
- IPCOMP_LZS 3
-
-4.4.5.1 IPCOMP_OUI
-
- The IPCOMP_OUI type specifies a proprietary compression transform.
- The IPCOMP_OUI type must be accompanied by an attribute which further
- identifies the specific vendor algorithm.
-
-4.4.5.2 IPCOMP_DEFLATE
-
- The IPCOMP_DEFLATE type specifies the use of the "zlib" deflate
- algorithm as specified in [DEFLATE].
-
-4.4.5.3 IPCOMP_LZS
-
- The IPCOMP_LZS type specifies the use of the Stac Electronics LZS
- algorithm as specified in [LZS].
-
-4.5 IPSEC Security Association Attributes
-
- The following SA attribute definitions are used in Phase II of an IKE
- negotiation. Attribute types can be either Basic (B) or Variable-
- Length (V). Encoding of these attributes is defined in the base
- ISAKMP specification.
-
- Attributes described as basic MUST NOT be encoded as variable.
- Variable length attributes MAY be encoded as basic attributes if
- their value can fit into two octets. See [IKE] for further
- information on attribute encoding in the IPSEC DOI. All restrictions
- listed in [IKE] also apply to the IPSEC DOI.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Piper Standards Track [Page 12]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Attribute Types
-
- class value type
- -------------------------------------------------
- SA Life Type 1 B
- SA Life Duration 2 V
- Group Description 3 B
- Encapsulation Mode 4 B
- Authentication Algorithm 5 B
- Key Length 6 B
- Key Rounds 7 B
- Compress Dictionary Size 8 B
- Compress Private Algorithm 9 V
-
- Class Values
-
- SA Life Type
- SA Duration
-
- Specifies the time-to-live for the overall security
- association. When the SA expires, all keys negotiated under
- the association (AH or ESP) must be renegotiated. The life
- type values are:
-
- RESERVED 0
- seconds 1
- kilobytes 2
-
- Values 3-61439 are reserved to IANA. Values 61440-65535 are
- for private use. For a given Life Type, the value of the
- Life Duration attribute defines the actual length of the
- component lifetime -- either a number of seconds, or a number
- of Kbytes that can be protected.
-
- If unspecified, the default value shall be assumed to be
- 28800 seconds (8 hours).
-
- An SA Life Duration attribute MUST always follow an SA Life
- Type which describes the units of duration.
-
- See Section 4.5.4 for additional information relating to
- lifetime notification.
-
- Group Description
-
- Specifies the Oakley Group to be used in a PFS QM
- negotiation. For a list of supported values, see Appendix A
- of [IKE].
-
-
-
-Piper Standards Track [Page 13]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Encapsulation Mode
- RESERVED 0
- Tunnel 1
- Transport 2
-
- Values 3-61439 are reserved to IANA. Values 61440-65535 are
- for private use.
-
- If unspecified, the default value shall be assumed to be
- unspecified (host-dependent).
-
- Authentication Algorithm
- RESERVED 0
- HMAC-MD5 1
- HMAC-SHA 2
- DES-MAC 3
- KPDK 4
-
- Values 5-61439 are reserved to IANA. Values 61440-65535 are
- for private use.
-
- There is no default value for Auth Algorithm, as it must be
- specified to correctly identify the applicable AH or ESP
- transform, except in the following case.
-
- When negotiating ESP without authentication, the Auth
- Algorithm attribute MUST NOT be included in the proposal.
-
- When negotiating ESP without confidentiality, the Auth
- Algorithm attribute MUST be included in the proposal and the
- ESP transform ID must be ESP_NULL.
-
- Key Length
- RESERVED 0
-
- There is no default value for Key Length, as it must be
- specified for transforms using ciphers with variable key
- lengths. For fixed length ciphers, the Key Length attribute
- MUST NOT be sent.
-
- Key Rounds
- RESERVED 0
-
- There is no default value for Key Rounds, as it must be
- specified for transforms using ciphers with varying numbers
- of rounds.
-
-
-
-
-
-Piper Standards Track [Page 14]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Compression Dictionary Size
- RESERVED 0
-
- Specifies the log2 maximum size of the dictionary.
-
- There is no default value for dictionary size.
-
- Compression Private Algorithm
-
- Specifies a private vendor compression algorithm. The first
- three (3) octets must be an IEEE assigned company_id (OUI).
- The next octet may be a vendor specific compression subtype,
- followed by zero or more octets of vendor data.
-
-4.5.1 Required Attribute Support
-
- To ensure basic interoperability, all implementations MUST be
- prepared to negotiate all of the following attributes.
-
- SA Life Type
- SA Duration
- Auth Algorithm
-
-4.5.2 Attribute Parsing Requirement (Lifetime)
-
- To allow for flexible semantics, the IPSEC DOI requires that a
- conforming ISAKMP implementation MUST correctly parse an attribute
- list that contains multiple instances of the same attribute class, so
- long as the different attribute entries do not conflict with one
- another. Currently, the only attributes which requires this
- treatment are Life Type and Duration.
-
- To see why this is important, the following example shows the binary
- encoding of a four entry attribute list that specifies an SA Lifetime
- of either 100MB or 24 hours. (See Section 3.3 of [ISAKMP] for a
- complete description of the attribute encoding format.)
-
- Attribute #1:
- 0x80010001 (AF = 1, type = SA Life Type, value = seconds)
-
- Attribute #2:
- 0x00020004 (AF = 0, type = SA Duration, length = 4 bytes)
- 0x00015180 (value = 0x15180 = 86400 seconds = 24 hours)
-
- Attribute #3:
- 0x80010002 (AF = 1, type = SA Life Type, value = KB)
-
-
-
-
-
-Piper Standards Track [Page 15]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Attribute #4:
- 0x00020004 (AF = 0, type = SA Duration, length = 4 bytes)
- 0x000186A0 (value = 0x186A0 = 100000KB = 100MB)
-
- If conflicting attributes are detected, an ATTRIBUTES-NOT-SUPPORTED
- Notification Payload SHOULD be returned and the security association
- setup MUST be aborted.
-
-4.5.3 Attribute Negotiation
-
- If an implementation receives a defined IPSEC DOI attribute (or
- attribute value) which it does not support, an ATTRIBUTES-NOT-SUPPORT
- SHOULD be sent and the security association setup MUST be aborted,
- unless the attribute value is in the reserved range.
-
- If an implementation receives an attribute value in the reserved
- range, an implementation MAY chose to continue based on local policy.
-
-4.5.4 Lifetime Notification
-
- When an initiator offers an SA lifetime greater than what the
- responder desires based on their local policy, the responder has
- three choices: 1) fail the negotiation entirely; 2) complete the
- negotiation but use a shorter lifetime than what was offered; 3)
- complete the negotiation and send an advisory notification to the
- initiator indicating the responder's true lifetime. The choice of
- what the responder actually does is implementation specific and/or
- based on local policy.
-
- To ensure interoperability in the latter case, the IPSEC DOI requires
- the following only when the responder wishes to notify the initiator:
- if the initiator offers an SA lifetime longer than the responder is
- willing to accept, the responder SHOULD include an ISAKMP
- Notification Payload in the exchange that includes the responder's
- IPSEC SA payload. Section 4.6.3.1 defines the payload layout for the
- RESPONDER-LIFETIME Notification Message type which MUST be used for
- this purpose.
-
-4.6 IPSEC Payload Content
-
- The following sections describe those ISAKMP payloads whose data
- representations are dependent on the applicable DOI.
-
-4.6.1 Security Association Payload
-
- The following diagram illustrates the content of the Security
- Association Payload for the IPSEC DOI. See Section 4.2 for a
- description of the Situation bitmap.
-
-
-
-Piper Standards Track [Page 16]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Next Payload ! RESERVED ! Payload Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Domain of Interpretation (IPSEC) |
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Situation (bitmap) !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Labeled Domain Identifier !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Secrecy Length (in octets) ! RESERVED !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Secrecy Level ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Secrecy Cat. Length (in bits) ! RESERVED !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Secrecy Category Bitmap ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Integrity Length (in octets) ! RESERVED !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Integrity Level ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Integ. Cat. Length (in bits) ! RESERVED !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Integrity Category Bitmap ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 1: Security Association Payload Format
-
- The Security Association Payload is defined as follows:
-
- o Next Payload (1 octet) - Identifier for the payload type of
- the next payload in the message. If the current payload is the
- last in the message, this field will be zero (0).
-
- o RESERVED (1 octet) - Unused, must be zero (0).
-
- o Payload Length (2 octets) - Length, in octets, of the current
- payload, including the generic header.
-
- o Domain of Interpretation (4 octets) - Specifies the IPSEC DOI,
- which has been assigned the value one (1).
-
- o Situation (4 octets) - Bitmask used to interpret the remainder
- of the Security Association Payload. See Section 4.2 for a
- complete list of values.
-
-
-
-
-
-Piper Standards Track [Page 17]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- o Labeled Domain Identifier (4 octets) - IANA Assigned Number used
- to interpret the Secrecy and Integrity information.
-
- o Secrecy Length (2 octets) - Specifies the length, in octets, of
- the secrecy level identifier, excluding pad bits.
-
- o RESERVED (2 octets) - Unused, must be zero (0).
-
- o Secrecy Level (variable length) - Specifies the mandatory
- secrecy level required. The secrecy level MUST be padded with
- zero (0) to align on the next 32-bit boundary.
-
- o Secrecy Category Length (2 octets) - Specifies the length, in
- bits, of the secrecy category (compartment) bitmap, excluding
- pad bits.
-
- o RESERVED (2 octets) - Unused, must be zero (0).
-
- o Secrecy Category Bitmap (variable length) - A bitmap used to
- designate secrecy categories (compartments) that are required.
- The bitmap MUST be padded with zero (0) to align on the next
- 32-bit boundary.
-
- o Integrity Length (2 octets) - Specifies the length, in octets,
- of the integrity level identifier, excluding pad bits.
-
- o RESERVED (2 octets) - Unused, must be zero (0).
-
- o Integrity Level (variable length) - Specifies the mandatory
- integrity level required. The integrity level MUST be padded
- with zero (0) to align on the next 32-bit boundary.
-
- o Integrity Category Length (2 octets) - Specifies the length, in
- bits, of the integrity category (compartment) bitmap, excluding
- pad bits.
-
- o RESERVED (2 octets) - Unused, must be zero (0).
-
- o Integrity Category Bitmap (variable length) - A bitmap used to
- designate integrity categories (compartments) that are required.
- The bitmap MUST be padded with zero (0) to align on the next
- 32-bit boundary.
-
-4.6.1.1 IPSEC Labeled Domain Identifiers
-
- The following table lists the assigned values for the Labeled Domain
- Identifier field contained in the Situation field of the Security
- Association Payload.
-
-
-
-Piper Standards Track [Page 18]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Domain Value
- ------- -----
- RESERVED 0
-
-4.6.2 Identification Payload Content
-
- The Identification Payload is used to identify the initiator of the
- Security Association. The identity of the initiator SHOULD be used
- by the responder to determine the correct host system security policy
- requirement for the association. For example, a host might choose to
- require authentication and integrity without confidentiality (AH)
- from a certain set of IP addresses and full authentication with
- confidentiality (ESP) from another range of IP addresses. The
- Identification Payload provides information that can be used by the
- responder to make this decision.
-
- During Phase I negotiations, the ID port and protocol fields MUST be
- set to zero or to UDP port 500. If an implementation receives any
- other values, this MUST be treated as an error and the security
- association setup MUST be aborted. This event SHOULD be auditable.
-
- The following diagram illustrates the content of the Identification
- Payload.
-
- 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! Next Payload ! RESERVED ! Payload Length !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ! ID Type ! Protocol ID ! Port !
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- ~ Identification Data ~
- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-
- Figure 2: Identification Payload Format
-
- The Identification Payload fields are defined as follows:
-
- o Next Payload (1 octet) - Identifier for the payload type of
- the next payload in the message. If the current payload is the
- last in the message, this field will be zero (0).
-
- o RESERVED (1 octet) - Unused, must be zero (0).
-
- o Payload Length (2 octets) - Length, in octets, of the
- identification data, including the generic header.
-
- o Identification Type (1 octet) - Value describing the identity
- information found in the Identification Data field.
-
-
-
-Piper Standards Track [Page 19]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- o Protocol ID (1 octet) - Value specifying an associated IP
- protocol ID (e.g. UDP/TCP). A value of zero means that the
- Protocol ID field should be ignored.
-
- o Port (2 octets) - Value specifying an associated port. A value
- of zero means that the Port field should be ignored.
-
- o Identification Data (variable length) - Value, as indicated by
- the Identification Type.
-
-4.6.2.1 Identification Type Values
-
- The following table lists the assigned values for the Identification
- Type field found in the Identification Payload.
-
- ID Type Value
- ------- -----
- RESERVED 0
- ID_IPV4_ADDR 1
- ID_FQDN 2
- ID_USER_FQDN 3
- ID_IPV4_ADDR_SUBNET 4
- ID_IPV6_ADDR 5
- ID_IPV6_ADDR_SUBNET 6
- ID_IPV4_ADDR_RANGE 7
- ID_IPV6_ADDR_RANGE 8
- ID_DER_ASN1_DN 9
- ID_DER_ASN1_GN 10
- ID_KEY_ID 11
-
- For types where the ID entity is variable length, the size of the ID
- entity is computed from size in the ID payload header.
-
- When an IKE exchange is authenticated using certificates (of any
- format), any ID's used for input to local policy decisions SHOULD be
- contained in the certificate used in the authentication of the
- exchange.
-
-4.6.2.2 ID_IPV4_ADDR
-
- The ID_IPV4_ADDR type specifies a single four (4) octet IPv4 address.
-
-4.6.2.3 ID_FQDN
-
- The ID_FQDN type specifies a fully-qualified domain name string. An
- example of a ID_FQDN is, "foo.bar.com". The string should not
- contain any terminators.
-
-
-
-
-Piper Standards Track [Page 20]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.6.2.4 ID_USER_FQDN
-
- The ID_USER_FQDN type specifies a fully-qualified username string, An
- example of a ID_USER_FQDN is, "piper@foo.bar.com". The string should
- not contain any terminators.
-
-4.6.2.5 ID_IPV4_ADDR_SUBNET
-
- The ID_IPV4_ADDR_SUBNET type specifies a range of IPv4 addresses,
- represented by two four (4) octet values. The first value is an IPv4
- address. The second is an IPv4 network mask. Note that ones (1s) in
- the network mask indicate that the corresponding bit in the address
- is fixed, while zeros (0s) indicate a "wildcard" bit.
-
-4.6.2.6 ID_IPV6_ADDR
-
- The ID_IPV6_ADDR type specifies a single sixteen (16) octet IPv6
- address.
-
-4.6.2.7 ID_IPV6_ADDR_SUBNET
-
- The ID_IPV6_ADDR_SUBNET type specifies a range of IPv6 addresses,
- represented by two sixteen (16) octet values. The first value is an
- IPv6 address. The second is an IPv6 network mask. Note that ones
- (1s) in the network mask indicate that the corresponding bit in the
- address is fixed, while zeros (0s) indicate a "wildcard" bit.
-
-4.6.2.8 ID_IPV4_ADDR_RANGE
-
- The ID_IPV4_ADDR_RANGE type specifies a range of IPv4 addresses,
- represented by two four (4) octet values. The first value is the
- beginning IPv4 address (inclusive) and the second value is the ending
- IPv4 address (inclusive). All addresses falling between the two
- specified addresses are considered to be within the list.
-
-4.6.2.9 ID_IPV6_ADDR_RANGE
-
- The ID_IPV6_ADDR_RANGE type specifies a range of IPv6 addresses,
- represented by two sixteen (16) octet values. The first value is the
- beginning IPv6 address (inclusive) and the second value is the ending
- IPv6 address (inclusive). All addresses falling between the two
- specified addresses are considered to be within the list.
-
-4.6.2.10 ID_DER_ASN1_DN
-
- The ID_DER_ASN1_DN type specifies the binary DER encoding of an ASN.1
- X.500 Distinguished Name [X.501] of the principal whose certificates
- are being exchanged to establish the SA.
-
-
-
-Piper Standards Track [Page 21]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-4.6.2.11 ID_DER_ASN1_GN
-
- The ID_DER_ASN1_GN type specifies the binary DER encoding of an ASN.1
- X.500 GeneralName [X.509] of the principal whose certificates are
- being exchanged to establish the SA.
-
-4.6.2.12 ID_KEY_ID
-
- The ID_KEY_ID type specifies an opaque byte stream which may be used
- to pass vendor-specific information necessary to identify which pre-
- shared key should be used to authenticate Aggressive mode
- negotiations.
-
-4.6.3 IPSEC Notify Message Types
-
- ISAKMP defines two blocks of Notify Message codes, one for errors and
- one for status messages. ISAKMP also allocates a portion of each
- block for private use within a DOI. The IPSEC DOI defines the
- following private message types for its own use.
-
- Notify Messages - Error Types Value
- ----------------------------- -----
- RESERVED 8192
-
- Notify Messages - Status Types Value
- ------------------------------ -----
- RESPONDER-LIFETIME 24576
- REPLAY-STATUS 24577
- INITIAL-CONTACT 24578
-
- Notification Status Messages MUST be sent under the protection of an
- ISAKMP SA: either as a payload in the last Main Mode exchange; in a
- separate Informational Exchange after Main Mode or Aggressive Mode
- processing is complete; or as a payload in any Quick Mode exchange.
- These messages MUST NOT be sent in Aggressive Mode exchange, since
- Aggressive Mode does not provide the necessary protection to bind the
- Notify Status Message to the exchange.
-
- Nota Bene: a Notify payload is fully protected only in Quick Mode,
- where the entire payload is included in the HASH(n) digest. In Main
- Mode, while the notify payload is encrypted, it is not currently
- included in the HASH(n) digests. As a result, an active substitution
- attack on the Main Mode ciphertext could cause the notify status
- message type to be corrupted. (This is true, in general, for the
- last message of any Main Mode exchange.) While the risk is small, a
- corrupt notify message might cause the receiver to abort the entire
- negotiation thinking that the sender encountered a fatal error.
-
-
-
-
-Piper Standards Track [Page 22]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- Implementation Note: the ISAKMP protocol does not guarantee delivery
- of Notification Status messages when sent in an ISAKMP Informational
- Exchange. To ensure receipt of any particular message, the sender
- SHOULD include a Notification Payload in a defined Main Mode or Quick
- Mode exchange which is protected by a retransmission timer.
-
-4.6.3.1 RESPONDER-LIFETIME
-
- The RESPONDER-LIFETIME status message may be used to communicate the
- IPSEC SA lifetime chosen by the responder.
-
- When present, the Notification Payload MUST have the following
- format:
-
- o Payload Length - set to length of payload + size of data (var)
- o DOI - set to IPSEC DOI (1)
- o Protocol ID - set to selected Protocol ID from chosen SA
- o SPI Size - set to either sixteen (16) (two eight-octet ISAKMP
- cookies) or four (4) (one IPSEC SPI)
- o Notify Message Type - set to RESPONDER-LIFETIME (Section 4.6.3)
- o SPI - set to the two ISAKMP cookies or to the sender's inbound
- IPSEC SPI
- o Notification Data - contains an ISAKMP attribute list with the
- responder's actual SA lifetime(s)
-
- Implementation Note: saying that the Notification Data field contains
- an attribute list is equivalent to saying that the Notification Data
- field has zero length and the Notification Payload has an associated
- attribute list.
-
-4.6.3.2 REPLAY-STATUS
-
- The REPLAY-STATUS status message may be used for positive
- confirmation of the responder's election on whether or not he is to
- perform anti-replay detection.
-
- When present, the Notification Payload MUST have the following
- format:
-
- o Payload Length - set to length of payload + size of data (4)
- o DOI - set to IPSEC DOI (1)
- o Protocol ID - set to selected Protocol ID from chosen SA
- o SPI Size - set to either sixteen (16) (two eight-octet ISAKMP
- cookies) or four (4) (one IPSEC SPI)
- o Notify Message Type - set to REPLAY-STATUS
- o SPI - set to the two ISAKMP cookies or to the sender's inbound
- IPSEC SPI
- o Notification Data - a 4 octet value:
-
-
-
-Piper Standards Track [Page 23]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- 0 = replay detection disabled
- 1 = replay detection enabled
-
-4.6.3.3 INITIAL-CONTACT
-
- The INITIAL-CONTACT status message may be used when one side wishes
- to inform the other that this is the first SA being established with
- the remote system. The receiver of this Notification Message might
- then elect to delete any existing SA's it has for the sending system
- under the assumption that the sending system has rebooted and no
- longer has access to the original SA's and their associated keying
- material. When used, the content of the Notification Data field
- SHOULD be null (i.e. the Payload Length should be set to the fixed
- length of Notification Payload).
-
- When present, the Notification Payload MUST have the following
- format:
-
- o Payload Length - set to length of payload + size of data (0)
- o DOI - set to IPSEC DOI (1)
- o Protocol ID - set to selected Protocol ID from chosen SA
- o SPI Size - set to sixteen (16) (two eight-octet ISAKMP cookies)
- o Notify Message Type - set to INITIAL-CONTACT
- o SPI - set to the two ISAKMP cookies
- o Notification Data - <not included>
-
-4.7 IPSEC Key Exchange Requirements
-
- The IPSEC DOI introduces no additional Key Exchange types.
-
-5. Security Considerations
-
- This entire memo pertains to the Internet Key Exchange protocol
- ([IKE]), which combines ISAKMP ([ISAKMP]) and Oakley ([OAKLEY]) to
- provide for the derivation of cryptographic keying material in a
- secure and authenticated manner. Specific discussion of the various
- security protocols and transforms identified in this document can be
- found in the associated base documents and in the cipher references.
-
-6. IANA Considerations
-
- This document contains many "magic" numbers to be maintained by the
- IANA. This section explains the criteria to be used by the IANA to
- assign additional numbers in each of these lists. All values not
- explicitly defined in previous sections are reserved to IANA.
-
-
-
-
-
-
-Piper Standards Track [Page 24]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-6.1 IPSEC Situation Definition
-
- The Situation Definition is a 32-bit bitmask which represents the
- environment under which the IPSEC SA proposal and negotiation is
- carried out. Requests for assignments of new situations must be
- accompanied by an RFC which describes the interpretation for the
- associated bit.
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The upper two bits are reserved for private use amongst cooperating
- systems.
-
-6.2 IPSEC Security Protocol Identifiers
-
- The Security Protocol Identifier is an 8-bit value which identifies a
- security protocol suite being negotiated. Requests for assignments
- of new security protocol identifiers must be accompanied by an RFC
- which describes the requested security protocol. [AH] and [ESP] are
- examples of security protocol documents.
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The values 249-255 are reserved for private use amongst cooperating
- systems.
-
-6.3 IPSEC ISAKMP Transform Identifiers
-
- The IPSEC ISAKMP Transform Identifier is an 8-bit value which
- identifies a key exchange protocol to be used for the negotiation.
- Requests for assignments of new ISAKMP transform identifiers must be
- accompanied by an RFC which describes the requested key exchange
- protocol. [IKE] is an example of one such document.
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The values 249-255 are reserved for private use amongst cooperating
- systems.
-
-
-
-
-Piper Standards Track [Page 25]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-6.4 IPSEC AH Transform Identifiers
-
- The IPSEC AH Transform Identifier is an 8-bit value which identifies
- a particular algorithm to be used to provide integrity protection for
- AH. Requests for assignments of new AH transform identifiers must be
- accompanied by an RFC which describes how to use the algorithm within
- the AH framework ([AH]).
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The values 249-255 are reserved for private use amongst cooperating
- systems.
-
-6.5 IPSEC ESP Transform Identifiers
-
- The IPSEC ESP Transform Identifier is an 8-bit value which identifies
- a particular algorithm to be used to provide secrecy protection for
- ESP. Requests for assignments of new ESP transform identifiers must
- be accompanied by an RFC which describes how to use the algorithm
- within the ESP framework ([ESP]).
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The values 249-255 are reserved for private use amongst cooperating
- systems.
-
-6.6 IPSEC IPCOMP Transform Identifiers
-
- The IPSEC IPCOMP Transform Identifier is an 8-bit value which
- identifier a particular algorithm to be used to provide IP-level
- compression before ESP. Requests for assignments of new IPCOMP
- transform identifiers must be accompanied by an RFC which describes
- how to use the algorithm within the IPCOMP framework ([IPCOMP]). In
- addition, the requested algorithm must be published and in the public
- domain.
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
-
-
-
-
-Piper Standards Track [Page 26]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- The values 1-47 are reserved for algorithms for which an RFC has been
- approved for publication. The values 48-63 are reserved for private
- use amongst cooperating systems. The values 64-255 are reserved for
- future expansion.
-
-6.7 IPSEC Security Association Attributes
-
- The IPSEC Security Association Attribute consists of a 16-bit type
- and its associated value. IPSEC SA attributes are used to pass
- miscellaneous values between ISAKMP peers. Requests for assignments
- of new IPSEC SA attributes must be accompanied by an Internet Draft
- which describes the attribute encoding (Basic/Variable-Length) and
- its legal values. Section 4.5 of this document provides an example
- of such a description.
-
- The values 32001-32767 are reserved for private use amongst
- cooperating systems.
-
-6.8 IPSEC Labeled Domain Identifiers
-
- The IPSEC Labeled Domain Identifier is a 32-bit value which
- identifies a namespace in which the Secrecy and Integrity levels and
- categories values are said to exist. Requests for assignments of new
- IPSEC Labeled Domain Identifiers should be granted on demand. No
- accompanying documentation is required, though Internet Drafts are
- encouraged when appropriate.
-
- The values 0x80000000-0xffffffff are reserved for private use amongst
- cooperating systems.
-
-6.9 IPSEC Identification Type
-
- The IPSEC Identification Type is an 8-bit value which is used as a
- discriminant for interpretation of the variable-length Identification
- Payload. Requests for assignments of new IPSEC Identification Types
- must be accompanied by an RFC which describes how to use the
- identification type within IPSEC.
-
- If the RFC is not on the standards-track (i.e., it is an
- informational or experimental RFC), it must be explicitly reviewed
- and approved by the IESG before the RFC is published and the
- transform identifier is assigned.
-
- The values 249-255 are reserved for private use amongst cooperating
- systems.
-
-
-
-
-
-
-Piper Standards Track [Page 27]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-6.10 IPSEC Notify Message Types
-
- The IPSEC Notify Message Type is a 16-bit value taken from the range
- of values reserved by ISAKMP for each DOI. There is one range for
- error messages (8192-16383) and a different range for status messages
- (24576-32767). Requests for assignments of new Notify Message Types
- must be accompanied by an Internet Draft which describes how to use
- the identification type within IPSEC.
-
- The values 16001-16383 and the values 32001-32767 are reserved for
- private use amongst cooperating systems.
-
-7. Change Log
-
-7.1 Changes from V9
-
- o add explicit reference to [IPCOMP], [DEFLATE], and [LZS]
- o allow RESPONDER-LIFETIME and REPLAY-STATUS to be directed
- at an IPSEC SPI in addition to the ISAKMP "SPI"
- o added padding exclusion to Secrecy and Integrity Length text
- o added forward reference to Section 4.5 in Section 4.4.4
- o update document references
-
-7.2 Changes from V8
-
- o update IPCOMP identifier range to better reflect IPCOMP draft
- o update IANA considerations per Jeff/Ted's suggested text
- o eliminate references to DES-MAC ID ([DESMAC])
- o correct bug in Notify section; ISAKMP Notify values are 16-bits
-
-7.3 Changes from V7
-
- o corrected name of IPCOMP (IP Payload Compression)
- o corrected references to [ESPCBC]
- o added missing Secrecy Level and Integrity Level to Figure 1
- o removed ID references to PF_KEY and ARCFOUR
- o updated Basic/Variable text to align with [IKE]
- o updated document references and add intro pointer to [ARCH]
- o updated Notification requirements; remove aggressive reference
- o added clarification about protection for Notify payloads
- o restored RESERVED to ESP transform ID namespace; moved ESP_NULL
- o added requirement for ESP_NULL support and [ESPNULL] reference
- o added clarification on Auth Alg use with AH/ESP
- o added restriction against using conflicting AH/Auth combinations
-
-7.4 Changes from V6
-
- The following changes were made relative to the IPSEC DOI V6:
-
-
-
-Piper Standards Track [Page 28]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- o added IANA Considerations section
- o moved most IANA numbers to IANA Considerations section
- o added prohibition on sending (V) encoding for (B) attributes
- o added prohibition on sending Key Length attribute for fixed
- length ciphers (e.g. DES)
- o replaced references to ISAKMP/Oakley with IKE
- o renamed ESP_ARCFOUR to ESP_RC4
- o updated Security Considerations section
- o updated document references
-
-7.5 Changes from V5
-
- The following changes were made relative to the IPSEC DOI V5:
-
- o changed SPI size in Lifetime Notification text
- o changed REPLAY-ENABLED to REPLAY-STATUS
- o moved RESPONDER-LIFETIME payload definition from Section 4.5.4
- to Section 4.6.3.1
- o added explicit payload layout for 4.6.3.3
- o added Implementation Note to Section 4.6.3 introduction
- o changed AH_SHA text to require SHA-1 in addition to MD5
- o updated document references
-
-7.6 Changes from V4
-
- The following changes were made relative to the IPSEC DOI V4:
-
- o moved compatibility AH KPDK authentication method from AH
- transform ID to Authentication Algorithm identifier
- o added REPLAY-ENABLED notification message type per Architecture
- o added INITIAL-CONTACT notification message type per list
- o added text to ensure protection for Notify Status messages
- o added Lifetime qualification to attribute parsing section
- o added clarification that Lifetime notification is optional
- o removed private Group Description list (now points at [IKE])
- o replaced Terminology with pointer to RFC-2119
- o updated HMAC MD5 and SHA-1 ID references
- o updated Section 1 (Abstract)
- o updated Section 4.4 (IPSEC Assigned Numbers)
- o added restriction for ID port/protocol values for Phase I
-
-7.7 Changes from V3 to V4
-
- The following changes were made relative to the IPSEC DOI V3, that
- was posted to the IPSEC mailing list prior to the Munich IETF:
-
- o added ESP transform identifiers for NULL and ARCFOUR
-
-
-
-
-Piper Standards Track [Page 29]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- o renamed HMAC Algorithm to Auth Algorithm to accommodate
- DES-MAC and optional authentication/integrity for ESP
- o added AH and ESP DES-MAC algorithm identifiers
- o removed KEY_MANUAL and KEY_KDC identifier definitions
- o added lifetime duration MUST follow lifetype attribute to
- SA Life Type and SA Life Duration attribute definition
- o added lifetime notification and IPSEC DOI message type table
- o added optional authentication and confidentiality
- restrictions to MAC Algorithm attribute definition
- o corrected attribute parsing example (used obsolete attribute)
- o corrected several Internet Draft document references
- o added ID_KEY_ID per ipsec list discussion (18-Mar-97)
- o removed Group Description default for PFS QM ([IKE] MUST)
-
-Acknowledgments
-
- This document is derived, in part, from previous works by Douglas
- Maughan, Mark Schertler, Mark Schneider, Jeff Turner, Dan Harkins,
- and Dave Carrel. Matt Thomas, Roy Pereira, Greg Carter, and Ran
- Atkinson also contributed suggestions and, in many cases, text.
-
-References
-
- [AH] Kent, S., and R. Atkinson, "IP Authentication Header", RFC
- 2402, November 1998.
-
- [ARCH] Kent, S., and R. Atkinson, "Security Architecture for the
- Internet Protocol", RFC 2401, November 1998.
-
- [DEFLATE] Pereira, R., "IP Payload Compression Using DEFLATE", RFC
- 2394, August 1998.
-
- [ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security
- Payload (ESP)", RFC 2406, November 1998.
-
- [ESPCBC] Pereira, R., and R. Adams, "The ESP CBC-Mode Cipher
- Algorithms", RFC 2451, November 1998.
-
- [ESPNULL] Glenn, R., and S. Kent, "The NULL Encryption Algorithm and
- Its Use With IPsec", RFC 2410, November 1998.
-
- [DES] Madson, C., and N. Doraswamy, "The ESP DES-CBC Cipher
- Algorithm With Explicit IV", RFC 2405, November 1998.
-
- [HMACMD5] Madson, C., and R. Glenn, "The Use of HMAC-MD5 within ESP
- and AH", RFC 2403, November 1998.
-
-
-
-
-
-Piper Standards Track [Page 30]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
- [HMACSHA] Madson, C., and R. Glenn, "The Use of HMAC-SHA-1-96 within
- ESP and AH", RFC 2404, November 1998.
-
- [IKE] Harkins, D., and D. Carrel, D., "The Internet Key Exchange
- (IKE)", RFC 2409, November 1998.
-
- [IPCOMP] Shacham, A., Monsour, R., Pereira, R., and M. Thomas, "IP
- Payload Compression Protocol (IPComp)", RFC 2393, August
- 1998.
-
- [ISAKMP] Maughan, D., Schertler, M., Schneider, M., and J. Turner,
- "Internet Security Association and Key Management Protocol
- (ISAKMP)", RFC 2408, November 1998.
-
- [LZS] Friend, R., and R. Monsour, "IP Payload Compression Using
- LZS", RFC 2395, August 1998.
-
- [OAKLEY] Orman, H., "The OAKLEY Key Determination Protocol", RFC
- 2412, November 1998.
-
- [X.501] ISO/IEC 9594-2, "Information Technology - Open Systems
- Interconnection - The Directory: Models", CCITT/ITU
- Recommendation X.501, 1993.
-
- [X.509] ISO/IEC 9594-8, "Information Technology - Open Systems
- Interconnection - The Directory: Authentication
- Framework", CCITT/ITU Recommendation X.509, 1993.
-
-Author's Address
-
- Derrell Piper
- Network Alchemy
- 1521.5 Pacific Ave
- Santa Cruz, California, 95060
- United States of America
-
- Phone: +1 408 460-3822
- EMail: ddp@network-alchemy.com
-
-
-
-
-
-
-
-
-
-
-
-
-
-Piper Standards Track [Page 31]
-
-RFC 2407 IP Security Domain of Interpretation November 1998
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (1998). All Rights Reserved.
-
- This document and translations of it may be copied and furnished to
- others, and derivative works that comment on or otherwise explain it
- or assist in its implementation may be prepared, copied, published
- and distributed, in whole or in part, without restriction of any
- kind, provided that the above copyright notice and this paragraph are
- included on all such copies and derivative works. However, this
- document itself may not be modified in any way, such as by removing
- the copyright notice or references to the Internet Society or other
- Internet organizations, except as needed for the purpose of
- developing Internet standards in which case the procedures for
- copyrights defined in the Internet Standards process must be
- followed, or as required to translate it into languages other than
- English.
-
- The limited permissions granted above are perpetual and will not be
- revoked by the Internet Society or its successors or assigns.
-
- This document and the information contained herein is provided on an
- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Piper Standards Track [Page 32]
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 21:21:23 +0000