--- 1/draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt 2014-06-06 03:14:24.628460644 -0700 +++ 2/draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt 2014-06-06 03:14:24.900467226 -0700 
@@ -1,51 +1,50 @@ Network Working Group C. Kaufman Internet-Draft Microsoft Obsoletes: 5996 (if approved) P. Hoffman Intended status: Standards Track VPN Consortium -Expires: October 27, 2014 Y. Nir +Expires: December 8, 2014 Y. Nir Check Point P. Eronen Independent T. Kivinen INSIDE Secure - April 25, 2014 + June 6, 2014 Internet Key Exchange Protocol Version 2 (IKEv2) - draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt + draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt Abstract This document describes version 2 of the Internet Key Exchange (IKE) protocol. IKE is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). This document obsoletes RFC 5996, and includes all of the - errata for it, and it is intended to update IKEv2 to be Internet - Standard. + errata for it. It advances IKEv2 to be an Internet Standard. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 27, 2014. + This Internet-Draft will expire on December 8, 2014. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -5024,21 +5023,21 @@ completely specifies the cryptographic processing of IKE data, but those documents should be consulted for design rationale. Future documents may specify the processing of Encrypted payloads for other types of transforms, such as counter mode encryption and authenticated encryption algorithms. Peers MUST NOT negotiate transforms for which no such specification exists. When an authenticated encryption algorithm is used to protect the IKE SA, the construction of the Encrypted payload is different than what is described here. See [AEAD] for more information on authenticated - encryption algorithms and their use in ESP. + encryption algorithms and their use in IKEv2. The payload type for an Encrypted payload is forty-six (46). The Encrypted payload consists of the IKE generic payload header followed by individual fields as follows: 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Next Payload |C| RESERVED | Payload Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ @@ -5902,22 +5901,23 @@ RFC 3168, September 2001. [ESPCBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher Algorithms", RFC 2451, November 1998. [HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [IKEV2IANA] - "Internet Key Exchange Version 2 (IKEv2) Parameters", - . + "Internet Key Exchange Version 2 (IKEv2) Parameters", . [IPSECARCH] Kent, S. and K. Seo, "Security Architecture for the Internet Protocol", RFC 4301, December 2005. [MUSTSHOULD] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
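Review bot: In the Abstract of the first hunk (@@ -1,51 +1,50 @@), the new sentence "It advances IKEv2 to be an Internet Standard." states as settled what the removed wording ("it is intended to update IKEv2 to be Internet Standard") stated as intent, while the header in the same hunk still reads "Obsoletes: 5996 (if approved)" and "Intended status: Standards Track". If the Abstract is meant to read as the published document would, say so in the change log; otherwise keep the conditional wording until approval. The expiry date is updated consistently in both places it appears (header and Status of This Memo).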
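Review bot: In the Encrypted payload hunk (@@ -5024,21 +5023,21 @@), the pointer now reads "See [AEAD] for more information on authenticated encryption algorithms and their use in IKEv2", but the [AEAD] reference entry is not part of this diff, so confirm that it cites a document that covers the Encrypted payload construction for the IKE SA and not only ESP. The preceding sentence says the construction "is different than what is described here", so an implementer depends on that citation alone for the actual payload layout.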
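Review bot: In the references hunk (@@ -5902,22 +5901,23 @@), the [IKEV2IANA] entry shows no target in either the removed or the added lines: it ends in "Parameters", followed directly by a period, with nothing in between. The change only joins the two lines, so check that the registry URL is still present in the source of the draft (it may have been lost as an angle-bracketed value in this rendering) and restore it if not, since the entry is otherwise unresolvable from the text.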