draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt | draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt | |||
---|---|---|---|---|
Network Working Group C. Kaufman | Network Working Group C. Kaufman | |||
Internet-Draft Microsoft | Internet-Draft Microsoft | |||
Obsoletes: 5996 (if approved) P. Hoffman | Obsoletes: 5996 (if approved) P. Hoffman | |||
Intended status: Standards Track VPN Consortium | Intended status: Standards Track VPN Consortium | |||
Expires: October 27, 2014 Y. Nir | Expires: December 8, 2014 Y. Nir | |||
Check Point | Check Point | |||
P. Eronen | P. Eronen | |||
Independent | Independent | |||
T. Kivinen | T. Kivinen | |||
INSIDE Secure | INSIDE Secure | |||
April 25, 2014 | June 6, 2014 | |||
Internet Key Exchange Protocol Version 2 (IKEv2) | Internet Key Exchange Protocol Version 2 (IKEv2) | |||
draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt | draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt | |||
Abstract | Abstract | |||
This document describes version 2 of the Internet Key Exchange (IKE) | This document describes version 2 of the Internet Key Exchange (IKE) | |||
protocol. IKE is a component of IPsec used for performing mutual | protocol. IKE is a component of IPsec used for performing mutual | |||
authentication and establishing and maintaining Security Associations | authentication and establishing and maintaining Security Associations | |||
(SAs). This document obsoletes RFC 5996, and includes all of the | (SAs). This document obsoletes RFC 5996, and includes all of the | |||
errata for it, and it is intended to update IKEv2 to be Internet | errata for it. It advances IKEv2 to be an Internet Standard. | |||
Standard. | ||||
Status of This Memo | Status of This Memo | |||
This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on October 27, 2014. | This Internet-Draft will expire on December 8, 2014. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
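Review bot: the revised Abstract sentence on the right ("It advances IKEv2 to be an Internet Standard.") reads as a statement of accomplished status, while the header on the same page still says "Intended status: Standards Track" and the document is an Internet-Draft that, per Status of This Memo, may only be cited as "work in progress"; consider wording that marks advancement as the purpose of publication, e.g. "This document is intended to advance IKEv2 to Internet Standard." The date and expiry changes (June 6, 2014 / December 8, 2014) are consistent with the six-month validity stated in the same section, and the -03 to -04 rename is applied in both places it appears.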
skipping to change at page 109, line 4 | skipping to change at page 109, line 4 | |||
completely specifies the cryptographic processing of IKE data, but | completely specifies the cryptographic processing of IKE data, but | |||
those documents should be consulted for design rationale. Future | those documents should be consulted for design rationale. Future | |||
documents may specify the processing of Encrypted payloads for other | documents may specify the processing of Encrypted payloads for other | |||
types of transforms, such as counter mode encryption and | types of transforms, such as counter mode encryption and | |||
authenticated encryption algorithms. Peers MUST NOT negotiate | authenticated encryption algorithms. Peers MUST NOT negotiate | |||
transforms for which no such specification exists. | transforms for which no such specification exists. | |||
When an authenticated encryption algorithm is used to protect the IKE | When an authenticated encryption algorithm is used to protect the IKE | |||
SA, the construction of the Encrypted payload is different than what | SA, the construction of the Encrypted payload is different than what | |||
is described here. See [AEAD] for more information on authenticated | is described here. See [AEAD] for more information on authenticated | |||
encryption algorithms and their use in ESP. | encryption algorithms and their use in IKEv2. | |||
The payload type for an Encrypted payload is forty-six (46). The | The payload type for an Encrypted payload is forty-six (46). The | |||
Encrypted payload consists of the IKE generic payload header followed | Encrypted payload consists of the IKE generic payload header followed | |||
by individual fields as follows: | by individual fields as follows: | |||
1 2 3 | 1 2 3 | |||
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
| Next Payload |C| RESERVED | Payload Length | | | Next Payload |C| RESERVED | Payload Length | | |||
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | |||
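Review bot: the replacement of "ESP" with "IKEv2" in the pointer to [AEAD] matches the surrounding text, which describes the Encrypted payload that protects the IKE SA rather than ESP traffic; confirm that the [AEAD] reference entry itself (outside the shown region) carries a title about the IKEv2 Encrypted payload so that the citation and the pointer agree. Nothing else in this block changed: the fixed payload type of forty-six (46) and the MUST NOT on negotiating transforms without a processing specification are carried over unchanged.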
skipping to change at page 127, line 51 | skipping to change at page 127, line 51 | |||
RFC 3168, September 2001. | RFC 3168, September 2001. | |||
[ESPCBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher | [ESPCBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher | |||
Algorithms", RFC 2451, November 1998. | Algorithms", RFC 2451, November 1998. | |||
[HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., | [HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., | |||
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext | Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext | |||
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. | Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. | |||
[IKEV2IANA] | [IKEV2IANA] | |||
"Internet Key Exchange Version 2 (IKEv2) Parameters", | "Internet Key Exchange Version 2 (IKEv2) Parameters", <htt | |||
<http://www.iana.org>. | p://www.iana.org/assignments/ikev2-parameters/ | |||
ikev2-parameters.xhtml>. | ||||
[IPSECARCH] | [IPSECARCH] | |||
Kent, S. and K. Seo, "Security Architecture for the | Kent, S. and K. Seo, "Security Architecture for the | |||
Internet Protocol", RFC 4301, December 2005. | Internet Protocol", RFC 4301, December 2005. | |||
[MUSTSHOULD] | [MUSTSHOULD] | |||
Bradner, S., "Key words for use in RFCs to Indicate | Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | [PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography | |||
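Review bot: the new [IKEV2IANA] URL is wrapped inside the scheme ("<htt" at the end of one line, "p://www.iana.org/..." at the start of the next), which defeats copy-and-paste and automatic link detection in the rendered text; since the full URL with its angle brackets does not fit in the indented reference column, break it at a path separator instead, e.g. "<http://www.iana.org/assignments/ikev2-parameters/" on one line and "ikev2-parameters.xhtml>." on the next. Replacing the bare "<http://www.iana.org>" with the registry-specific URL is otherwise the right change, as the previous pointer did not identify the IKEv2 parameters registry at all.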
End of changes. 7 change blocks. 9 lines changed or deleted, 9 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/