IPsec and related standards

This is a list of IPsec and IPsec-related standards and drafts.

IPsec and IKE Roadmap

  • RFC 6071: IPsec and IKE Document Roadmap

IKEv1

Core Standards

  • RFC 2407: IPsec Domain of Interpretation for ISAKMP (IPsec DOI)
  • RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
  • RFC 2409: Internet Key Exchange (IKE)

Extensions

IKEv2

Core Standards

  • RFC 5996: Internet Key Exchange Protocol Version 2 (IKEv2)
  • RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
  • IANA-IKEv2: IKEv2 Parameters

Extensions

  • RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
  • RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
  • RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
  • RFC 4739: Multiple Authentication Exchanges in the IKEv2 Protocol
  • RFC 4754: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
  • RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
  • RFC 5282: Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
  • RFC 5685: Redirect Mechanism for IKEv2
  • RFC 5903: ECP Groups for IKE and IKEv2
  • RFC 5930: Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
  • RFC 5998: An Extension for EAP-only Authentication in IKEv2
  • RFC 6027: IPsec Cluster Problem Statement
  • RFC 6467: Secure Password Framework for IKEv2
  • RFC 6617: Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
  • RFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
  • RFC 6631: Password Authenticated Connection Establishment with IKEv2
  • draft-brunner-ikev2-mediation: IKEv2 Mediation Extension
  • draft-laganier-ike-ipv6-cga: Using IKE with IPv6 Cryptographically Generated Addresses

IPsec

Core Standards

  • RFC 4301: Security Architecture for the Internet Protocol
  • RFC 4302: IP Authentication Header (AH)
  • RFC 4303: IP Encapsulating Security Payload (ESP)
  • RFC 4308: Cryptographic Suites for IPsec
  • RFC 4835: Cryptographic Algorithm Implementation Requirements for ESP and AH

Extensions

  • RFC 3948: UDP Encapsulation of IPsec ESP Packets
  • RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
  • RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
  • RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec ESP
  • RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
  • RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
  • RFC 5660: IPsec Channels: Connection Latching
  • RFC 6379: Suite B Cryptographic Suites for IPsec
  • RFC 6380: Suite B Profile for Internet Protocol Security (IPsec)

Multicast IPsec

  • RFC 3546: The Group Domain of Interpretation (GDOI)
  • RFC 4046: Multicast Security (MSEC) Group Key Management Architecture
  • RFC 4535: GSAKMP: Group Secure Association Key Management Protocol
  • RFC 5374: Multicast Extensions to the Security Architecture for the Internet Protocol
  • draft-ietf-msec-gkdp: GKDP: Group Key Distribution Protocol

Mobile IPv6

  • RFC 4877: Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture

PKI

  • RFC 2560: Internet X.509 Public Key Infrastructure - Online Certificate Status Protocol - OCSP
  • RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers
  • RFC 4518: LDAP Internationalized String Preparation
  • RFC 4809: Requirements for an IPsec Certificate Management Profile
  • RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
  • RFC 5280: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile
  • RFC 5755: An Internet Attribute Certificate Profile for Authorization
  • RFC 5759: Suite B Certificate and CRL Profile
  • draft-nourse-scep: Simple Certificate Enrollment Protocol (SCEP)

EAP

  • RFC 3748: Extensible Authentication Protocol (EAP)
  • RFC 4186: EAP Method for GSM Subscriber Identity Modules (EAP-SIM)
  • RFC 4187: EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
  • RFC 5216: The EAP-TLS Authentication Protocol
  • RFC 5281: The EAP-TTLS Authentication Protocol Version 0
  • RFC 5448: Improved EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')
  • draft-ietf-emu-eap-tunnel-method: Tunnel EAP Method (TEAP) Version 1
  • IANA EAP: EAP Method Types
  • IANA EAP-AKA/SIM: EAP-AKA and EAP-SIM Parameters

RADIUS

DNS

  • RFC 4025: A Method for Storing IPsec Keying Material in DNS

NEA

  • RFC 5209: Network Endpoint Assessment (NEA): Overview and Requirements
  • RFC 5792: PA-TNC: A Posture Attribute (PA) Protocol Compatible with TNC
  • RFC 5793: PB-TNC: A Posture Broker (PB) Protocol Compatible with TNC
  • RFC 6876: A Posture Transport Protocol over TLS (PT-TLS)
  • draft-ietf-nea-pt-eap: Posture Transport (PT) Protocol For EAP Tunnel Methods