Details Transport mode is MUST and Tunnel mode MAY be used ESP is MUST and AH MAY be used Encryption and Authentication algorithms – Reference to RFC 4305 that mandates different algorithms 3DES-CBC and HMAC-SHA1 MUST for Encryption and Authentication AES-CBC SHOULD for Encryption HMAC-MD5 MAY for Authentication Implementation MUST support multiple SPDs and a SPD selection function |