| < draft-fedchenko-ipsecme-cpesp-gost-03.txt | draft-fedchenko-ipsecme-cpesp-gost-04.txt > | |||
|---|---|---|---|---|
| Internet Engineering Task Force S. Leontiev, Ed. | Internet Engineering Task Force S. Leontiev, Ed. | |||
| Internet-Draft D. Pichulin, Ed. | Internet-Draft D. Pichulin, Ed. | |||
| Intended status: Informational CRYPTO-PRO | Intended status: Informational CRYPTO-PRO | |||
| Expires: January 31, 2015 A. Fedchenko, Ed. | Expires: February 5, 2015 A. Fedchenko, Ed. | |||
| S-Terra | S-Terra | |||
| July 30, 2014 | August 4, 2014 | |||
| Using GOST 28147-89 with IPsec Encapsulating Security Payload (ESP) | Using GOST 28147-89 with IPsec Encapsulating Security Payload (ESP) | |||
| draft-fedchenko-ipsecme-cpesp-gost-03 | draft-fedchenko-ipsecme-cpesp-gost-04 | |||
| Abstract | Abstract | |||
| This document defines the usage of GOST 28147-89 algorithm when | This document defines the usage of GOST 28147-89 algorithm when | |||
| providing data integrity and confidentiality in ESP protocol. | providing data integrity and confidentiality in ESP protocol. | |||
| The contents of this document is technically equivalent to its TC26 | The contents of this document is technically equivalent to its TC26 | |||
| ROSSTANDART specification. | ROSSTANDART specification. | |||
| This specification is maintained by TC26 ROSSTANDART and further | This specification is maintained by TC26 ROSSTANDART and further | |||
| skipping to change at page 1, line 39 ¶ | skipping to change at page 1, line 39 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 31, 2015. | This Internet-Draft will expire on February 5, 2015. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 10 ¶ | skipping to change at page 3, line 10 ¶ | |||
| 11.2. Informative References . . . . . . . . . . . . . . . . . . 22 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 22 | |||
| A. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 24 | A. Compatibility . . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| B. Compatibility with Older IKEv1 Implementations . . . . . . . . 24 | B. Compatibility with Older IKEv1 Implementations . . . . . . . . 24 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 1. Introduction | 1. Introduction | |||
| This document contains a technical specification approved by the | This document contains a technical specification approved by the | |||
| Technical Committee #26 ("Cryptography and security mechanisms") of | Technical Committee #26 ("Cryptography and security mechanisms") of | |||
| Federal Agency on Technical Regulating and Metrology of the Russian | Federal Agency on Technical Regulating and Metrology of the Russian | |||
| Federation (ROSSTANDART) [TC26-ESP]. | Federation (ROSSTANDART) [TC26ESP]. | |||
| This memo describes implementation features and additional | This memo describes implementation features and additional | |||
| identification types of ESP protocol [RFC4303] when used with GOST | identification types of ESP protocol [RFC4303] when used with GOST | |||
| 28147-89 encryption algorithm. This document defines the following | 28147-89 encryption algorithm. This document defines the following | |||
| payload transforms in ESP protocol: | payload transforms in ESP protocol: | |||
| o combined mode transform ESP_GOST-4M-IMIT; | o combined mode transform ESP_GOST-4M-IMIT; | |||
| o combined mode transform ESP_GOST-1K-IMIT. | o combined mode transform ESP_GOST-1K-IMIT. | |||
| This memo does not define GOST 28147-89 cryptographic algorithm and | This memo does not define GOST 28147-89 cryptographic algorithm and | |||
| formats of a cryptographic data representation. The algorithm itself | formats of a cryptographic data representation. The algorithm itself | |||
| is defined in GOST 28147-89 national standard [GOST28147] [RFC5830], | is defined in GOST 28147-89 national standard [GOST28147] [RFC5830], | |||
| the data and parameters representation corresponds [RFC4357], | the data and parameters representation corresponds [RFC4357], | |||
| [RFC4491], [RFC4490] and [TC26-IKE]. | [RFC4491], [RFC4490] and [TC26IKE]. | |||
| The development objective of this document is to provide | The development objective of this document is to provide | |||
| interoperability of IPsec protocol implementations, produced by | interoperability of IPsec protocol implementations, produced by | |||
| Russian vendors. | Russian vendors. | |||
| 2. Terms and Definitions | 2. Terms and Definitions | |||
| This document operates with terms and definitions from IPsec | This document operates with terms and definitions from IPsec | |||
| [RFC4301] and ESP [RFC4303] standards, only additional definitions | [RFC4301] and ESP [RFC4303] standards, only additional definitions | |||
| are described below. | are described below. | |||
| skipping to change at page 22, line 25 ¶ | skipping to change at page 22, line 25 ¶ | |||
| [RFC4304] Kent, S., "Extended Sequence Number (ESN) Addendum to | [RFC4304] Kent, S., "Extended Sequence Number (ESN) Addendum to | |||
| IPsec Domain of Interpretation (DOI) for Internet Security | IPsec Domain of Interpretation (DOI) for Internet Security | |||
| Association and Key Management Protocol (ISAKMP)", | Association and Key Management Protocol (ISAKMP)", | |||
| RFC 4304, December 2005. | RFC 4304, December 2005. | |||
| [RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional | [RFC4357] Popov, V., Kurepkin, I., and S. Leontiev, "Additional | |||
| Cryptographic Algorithms for Use with GOST 28147-89, | Cryptographic Algorithms for Use with GOST 28147-89, | |||
| GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 | GOST R 34.10-94, GOST R 34.10-2001, and GOST R 34.11-94 | |||
| Algorithms", RFC 4357, January 2006. | Algorithms", RFC 4357, January 2006. | |||
| [TC26-ESP] | [TC26ESP] Technical committee #26 of Federal Agency on Technical | |||
| Technical committee #26 of Federal Agency on Technical | ||||
| Regulating and Metrology of the Russian Federation, | Regulating and Metrology of the Russian Federation, | |||
| "Cryptographic Protection for Data Processing System, | "Cryptographic Protection for Data Processing System, | |||
| Technical specification Use GOST 28147-89 for | Technical specification Use GOST 28147-89 for | |||
| Encapsulating Security Payload (ESP) IPsec protocol. (In | Encapsulating Security Payload (ESP) IPsec protocol. (In | |||
| Russian) (in press)", 2013. | Russian)", 2013. | |||
| [TC26UZ] Technical committee #26 of Federal Agency on Technical | [TC26UZ] Technical committee #26 of Federal Agency on Technical | |||
| Regulating and Metrology of the Russian Federation, | Regulating and Metrology of the Russian Federation, | |||
| "Methodical recommendations for S-box parameters | "Methodical recommendations for S-box parameters | |||
| assignment in GOST 28147-89. (In Russian)", 2014. | assignment in GOST 28147-89. (In Russian)", 2014. | |||
| [rus-popov-esp-sbox-00-rb] | [rus-popov-esp-sbox-00-rb] | |||
| Technical committee #26 of Federal Agency on Technical | Technical committee #26 of Federal Agency on Technical | |||
| Regulating and Metrology of the Russian Federation, "Using | Regulating and Metrology of the Russian Federation, "Using | |||
| additional S-box parameters in GOST 28147-89 for payload | additional S-box parameters in GOST 28147-89 for payload | |||
| skipping to change at page 23, line 49 ¶ | skipping to change at page 23, line 49 ¶ | |||
| RFC 5996, September 2010. | RFC 5996, September 2010. | |||
| [RFC6071] Frankel, S. and S. Krishnan, "IP Security (IPsec) and | [RFC6071] Frankel, S. and S. Krishnan, "IP Security (IPsec) and | |||
| Internet Key Exchange (IKE) Document Roadmap", RFC 6071, | Internet Key Exchange (IKE) Document Roadmap", RFC 6071, | |||
| February 2011. | February 2011. | |||
| [RFC6311] Singh, R., Kalyani, G., Nir, Y., Sheffer, Y., and D. | [RFC6311] Singh, R., Kalyani, G., Nir, Y., Sheffer, Y., and D. | |||
| Zhang, "Protocol Support for High Availability of IKEv2/ | Zhang, "Protocol Support for High Availability of IKEv2/ | |||
| IPsec", RFC 6311, July 2011. | IPsec", RFC 6311, July 2011. | |||
| [TC26-IKE] | [TC26IKE] Technical committee #26 of Federal Agency on Technical | |||
| Technical committee #26 of Federal Agency on Technical | ||||
| Regulating and Metrology of the Russian Federation, | Regulating and Metrology of the Russian Federation, | |||
| "Cryptographic Protection for Data Processing System, | "Cryptographic Protection for Data Processing System, | |||
| Technical specification Use GOST 28147-89, GOST R | Technical specification Use GOST 28147-89, GOST R | |||
| 34.11-94, GOST R 34.10-2001, for IKE and ISAKMP. (In | 34.11-94, GOST R 34.10-2001, for IKE and ISAKMP. (In | |||
| Russian) (in press)", 2013. | Russian)", 2013. | |||
| Appendix A. Compatibility | Appendix A. Compatibility | |||
| Requirements for a transforms implementation: | Requirements for a transforms implementation: | |||
| o ESP_GOST-4M-IMIT - REQUIRED; | o ESP_GOST-4M-IMIT - REQUIRED; | |||
| o ESP_GOST-1K-IMIT - OPTIONAL, it is required for applications that | o ESP_GOST-1K-IMIT - OPTIONAL, it is required for applications that | |||
| must be strictly robust to attacks based on timing and EMI | must be strictly robust to attacks based on timing and EMI | |||
| analysis, and in case of usage very big IPv6 packets (more than 64 | analysis, and in case of usage very big IPv6 packets (more than 64 | |||
| End of changes. 10 change blocks. | ||||
| 12 lines changed or deleted | 10 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||