| < draft-solinas-ui-suites-00.txt | draft-solinas-ui-suites-01.txt > | |||
|---|---|---|---|---|
| L. Law, NSA | L. Law, NSA | |||
| INTERNET-DRAFT J. Solinas, NSA | INTERNET-DRAFT J. Solinas, NSA | |||
| Expires June 1, 2007 December 1, 2006 | Expires July 10, 2007 January 10, 2007 | |||
| Suite B Cryptographic Suites for IPsec | Suite B Cryptographic Suites for IPsec | |||
| <draft-solinas-ui-suites-00.txt> | <draft-solinas-ui-suites-01.txt> | |||
| {{{ RFC Editor: Please replace every occurrence of "RFC xxxx" and | ||||
| "[RFCxxxx]" with the RFC number that is assigned to | ||||
| draft-kelly-ipsec-ciph-sha2 once it is approved and published. }}} | ||||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| skipping to change at page 1, line 48 ¶ | skipping to change at page 1, line 52 ¶ | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction. . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 2. Requirements Terminology. . . . . . . . . . . . . . . . . . 2 | 2. Requirements Terminology. . . . . . . . . . . . . . . . . . 2 | |||
| 3. New UI Suites . . . . . . . . . . . . . . . . . . . . . . . 2 | 3. New UI Suites . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 3.1 Suite "Suite-B-GCM-128" . . . . . . . . . . . . . . . 2 | 3.1 Suite "Suite-B-GCM-128" . . . . . . . . . . . . . . . 2 | |||
| 3.2 Suite "Suite-B-GCM-256" . . . . . . . . . . . . . . . 3 | 3.2 Suite "Suite-B-GCM-256" . . . . . . . . . . . . . . . 3 | |||
| 3.3 Suite "Suite-B-GMAC-128". . . . . . . . . . . . . . . 4 | 3.3 Suite "Suite-B-GMAC-128". . . . . . . . . . . . . . . 4 | |||
| 3.4 Suite "Suite-B-GMAC-256". . . . . . . . . . . . . . . 5 | 3.4 Suite "Suite-B-GMAC-256". . . . . . . . . . . . . . . 5 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . 6 | 4. Security Considerations . . . . . . . . . . . . . . . . . . 5 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 6 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. References. . . . . . . . . . . . . . . . . . . . . . . . . 6 | 6. References. . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.1 Normative . . . . . . . . . . . . . . . . . . . . . . 6 | 6.1 Normative . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6.2. Informative . . . . . . . . . . . . . . . . . . . . . 7 | 6.2. Informative . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 1. Introduction | 1. Introduction | |||
| RFC 4308 proposes two optional cryptographic user interface suites | RFC 4308 proposes two optional cryptographic user interface suites | |||
| ("UI suites") for IPsec. The two suites, VPN-A and VPN-B, represent | ("UI suites") for IPsec. The two suites, VPN-A and VPN-B, represent | |||
| commonly used present-day corporate VPN security choices and | commonly used present-day corporate VPN security choices and | |||
| skipping to change at page 2, line 26 ¶ | skipping to change at page 2, line 26 ¶ | |||
| the IPsec protocols in any way. | the IPsec protocols in any way. | |||
| 2. Requirements Terminology | 2. Requirements Terminology | |||
| The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" | The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" | |||
| in this document are to be interpreted as described in [RFC2119]. | in this document are to be interpreted as described in [RFC2119]. | |||
| 3. New UI Suites | 3. New UI Suites | |||
| Each of the following UI suites provides choices for ESP (see | Each of the following UI suites provides choices for ESP (see | |||
| [RFC-4303]) and for IKEv1 and IKEv2 (see [RFC-2409] and [RFC-4306]). | [RFC4303]) and for IKEv1 and IKEv2 (see [RFC2409] and [RFC4306]). | |||
| The four suites are differentiated by the choice of cryptographic | The four suites are differentiated by the choice of cryptographic | |||
| algorithm strengths and a choice of whether ESP is to provide both | algorithm strengths and a choice of whether ESP is to provide both | |||
| confidentiality and integrity or integrity only. The suite names | confidentiality and integrity or integrity only. The suite names | |||
| are based on the AES mode and AES key length specified for ESP. | are based on the AES mode and AES key length specified for ESP. | |||
| IPsec implementations that use these UI suites SHOULD use the suite | IPsec implementations that use these UI suites SHOULD use the suite | |||
| names listed here. IPsec implementations SHOULD NOT use names | names listed here. IPsec implementations SHOULD NOT use names | |||
| different than those listed here for the suites that are described, | different than those listed here for the suites that are described, | |||
| and MUST NOT use the names listed here for suites that do not match | and MUST NOT use the names listed here for suites that do not match | |||
| these values. These requirements are necessary for interoperability. | these values. These requirements are necessary for interoperability. | |||
| 3.1 Suite "Suite-B-GCM-128" | 3.1 Suite "Suite-B-GCM-128" | |||
| This suite provides ESP integrity protection and confidentiality | This suite provides ESP integrity protection and confidentiality | |||
| using 128-bit AES-GCM (see [RFC-4106]). This suite or the following | using 128-bit AES-GCM (see [RFC4106]). This suite or the following | |||
| suite should be used when ESP integrity protection and encryption | suite should be used when ESP integrity protection and encryption | |||
| are both needed. | are both needed. | |||
| ESP: | ESP: | |||
| Encryption AES with 128-bit keys and 16 octet ICV in GCM mode | Encryption AES with 128-bit keys and 16 octet ICV in GCM mode | |||
| [RFC-4106] | [RFC4106] | |||
| Integrity NULL | Integrity NULL | |||
| IKEv1: | IKEv1: | |||
| Encryption AES with 128-bit keys in CBC mode | Encryption AES with 128-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-256 [RFC-2104] | Pseudo-random function HMAC-SHA-256 [RFCxxxx] | |||
| Hash SHA-256 [FIPS-180-2] | Hash SHA-256 [FIPS-180-2] | |||
| Diffie-Hellman group 256-bit random ECP group [RFC-4753] | Diffie-Hellman group 256-bit random ECP group [RFC4753] | |||
| Group Type ECP | Group Type ECP | |||
| For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | |||
| support pre-shared key authentication [RFC-2409] for | support pre-shared key authentication [RFC2409] for | |||
| interoperability. The authentication method used with IKEv1 MAY be | interoperability. The authentication method used with IKEv1 MAY be | |||
| either pre-shared key [RFC-2409] or ECDSA-256 [RFC-4754]. | either pre-shared key [RFC2409] or ECDSA-256 [RFC4754]. | |||
| IKEv2: | IKEv2: | |||
| Encryption AES with 128-bit keys in CBC mode | Encryption AES with 128-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-256 [RFC-2104] | Pseudo-random function HMAC-SHA-256 [RFCxxxx] | |||
| Integrity HMAC-SHA-256-128 [RFC-2104] | Integrity HMAC-SHA-256-128 [RFCxxxx] | |||
| Diffie-Hellman group 256-bit random ECP group [RFC-4753] | Diffie-Hellman group 256-bit random ECP group [RFC4753] | |||
| Authentication ECDSA-256 [RFC-4754] | Authentication ECDSA-256 [RFC4754] | |||
| Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | |||
| MUST be supported by both parties in this suite. The initiator of | MUST be supported by both parties in this suite. | |||
| this exchange MAY include a new Diffie-Hellman key; if it is | ||||
| included, it MUST be of type 256-bit random ECP. If the initiator | ||||
| of the exchange includes a Diffie-Hellman key, the responder MUST | ||||
| include a Diffie-Hellman key, and it MUST be of type 256-bit random | ||||
| ECP. | ||||
| 3.2 Suite "Suite-B-GCM-256" | 3.2 Suite "Suite-B-GCM-256" | |||
| This suite provides ESP integrity protection and confidentiality | This suite provides ESP integrity protection and confidentiality | |||
| using 256-bit AES-GCM (see [RFC-4106]). This suite or the preceding | using 256-bit AES-GCM (see [RFC4106]). This suite or the preceding | |||
| suite should be used when ESP integrity protection and encryption | suite should be used when ESP integrity protection and encryption | |||
| are both needed. | are both needed. | |||
| ESP: | ESP: | |||
| Encryption AES with 256-bit keys and 16 octet ICV in GCM mode | Encryption AES with 256-bit keys and 16 octet ICV in GCM mode | |||
| [RFC-4106] | [RFC4106] | |||
| Integrity NULL | Integrity NULL | |||
| IKEv1: | IKEv1: | |||
| Encryption AES with 256-bit keys in CBC mode | Encryption AES with 256-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-384 [RFC-2104] | Pseudo-random function HMAC-SHA-384 [RFCxxxx] | |||
| Hash SHA-384 [FIPS-180-2] | Hash SHA-384 [FIPS-180-2] | |||
| Diffie-Hellman group 384-bit random ECP group [RFC-4753] | Diffie-Hellman group 384-bit random ECP group [RFC4753] | |||
| Group Type ECP | Group Type ECP | |||
| For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | |||
| support pre-shared key authentication [RFC-2409] for | support pre-shared key authentication [RFC2409] for | |||
| interoperability. The authentication method used with IKEv1 MAY be | interoperability. The authentication method used with IKEv1 MAY be | |||
| either pre-shared key [RFC-2409] or ECDSA-384 [RFC-4754]. | either pre-shared key [RFC2409] or ECDSA-384 [RFC4754]. | |||
| IKEv2: | IKEv2: | |||
| Encryption AES with 256-bit keys in CBC mode | Encryption AES with 256-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-384 [RFC-2104] | Pseudo-random function HMAC-SHA-384 [RFCxxxx] | |||
| Integrity HMAC-SHA-384-128 [RFC-2104] | Integrity HMAC-SHA-384-192 [RFCxxxx] | |||
| Diffie-Hellman group 384-bit random ECP group [RFC-4753] | Diffie-Hellman group 384-bit random ECP group [RFC4753] | |||
| Authentication ECDSA-384 [RFC-4754] | Authentication ECDSA-384 [RFC4754] | |||
| Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | |||
| MUST be supported by both parties in this suite. The initiator of | MUST be supported by both parties in this suite. | |||
| this exchange MAY include a new Diffie-Hellman key; if it is | ||||
| included, it MUST be of type 384-bit random ECP. If the initiator | ||||
| of the exchange includes a Diffie-Hellman key, the responder MUST | ||||
| include a Diffie-Hellman key, and it MUST be of type 384-bit random | ||||
| ECP. | ||||
| 3.3 Suite "Suite-B-GMAC-128" | 3.3 Suite "Suite-B-GMAC-128" | |||
| This suite provides ESP integrity protection using 128-bit AES-GMAC | This suite provides ESP integrity protection using 128-bit AES-GMAC | |||
| (see [RFC-4543]) but does not provide confidentiality. This suite | (see [RFC4543]) but does not provide confidentiality. This suite | |||
| or the following suite should be used only when there is no need for | or the following suite should be used only when there is no need for | |||
| ESP encryption. | ESP encryption. | |||
| ESP: | ESP: | |||
| Encryption NULL | Encryption NULL | |||
| Integrity AES with 128-bit keys in GMAC mode [RFC-4543] | Integrity AES with 128-bit keys in GMAC mode [RFC4543] | |||
| IKEv1: | IKEv1: | |||
| Encryption AES with 128-bit keys in CBC mode | Encryption AES with 128-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-256 [RFC-2104] | Pseudo-random function HMAC-SHA-256 [RFCxxxx] | |||
| Hash SHA-256 [FIPS-180-2] | Hash SHA-256 [FIPS-180-2] | |||
| Diffie-Hellman group 256-bit random ECP group [RFC-4753] | Diffie-Hellman group 256-bit random ECP group [RFC4753] | |||
| Group Type ECP | Group Type ECP | |||
| For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | |||
| support pre-shared key authentication [RFC-2409] for | support pre-shared key authentication [RFC2409] for | |||
| interoperability. The authentication method used with IKEv1 MAY be | interoperability. The authentication method used with IKEv1 MAY be | |||
| either pre-shared key [RFC-2409] or ECDSA-256 [RFC-4754]. | either pre-shared key [RFC2409] or ECDSA-256 [RFC4754]. | |||
| IKEv2: | IKEv2: | |||
| Encryption AES with 128-bit keys in CBC mode | Encryption AES with 128-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-256 [RFC-2104] | Pseudo-random function HMAC-SHA-256 [RFCxxxx] | |||
| Integrity HMAC-SHA-256-128 [RFC-2104] | Integrity HMAC-SHA-256-128 [RFCxxxx] | |||
| Diffie-Hellman group 256-bit random ECP group [RFC-4753] | Diffie-Hellman group 256-bit random ECP group [RFC4753] | |||
| Authentication ECDSA-256 [RFC-4754] | Authentication ECDSA-256 [RFC4754] | |||
| Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | |||
| MUST be supported by both parties in this suite. The initiator of | MUST be supported by both parties in this suite. | |||
| this exchange MAY include a new Diffie-Hellman key; if it is | ||||
| included, it MUST be of type 256-bit random ECP. If the initiator | ||||
| of the exchange includes a Diffie-Hellman key, the responder MUST | ||||
| include a Diffie-Hellman key, and it MUST be of type 256-bit random | ||||
| ECP. | ||||
| 3.4 Suite "Suite-B-GMAC-256" | 3.4 Suite "Suite-B-GMAC-256" | |||
| This suite provides ESP integrity protection using 256-bit AES-GMAC | This suite provides ESP integrity protection using 256-bit AES-GMAC | |||
| (see [RFC-4543]) but does not provide confidentiality. This suite | (see [RFC4543]) but does not provide confidentiality. This suite | |||
| or the preceding suite should be used only when there is no need for | or the preceding suite should be used only when there is no need for | |||
| ESP encryption. | ESP encryption. | |||
| ESP: | ESP: | |||
| Encryption NULL | Encryption NULL | |||
| Integrity AES with 256-bit keys in GMAC mode [RFC-4543] | Integrity AES with 256-bit keys in GMAC mode [RFC4543] | |||
| IKEv1: | IKEv1: | |||
| Encryption AES with 256-bit keys in CBC mode | Encryption AES with 256-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-384 [RFC-2104] | Pseudo-random function HMAC-SHA-384 [RFCxxxx] | |||
| Hash SHA-384 [FIPS-180-2] | Hash SHA-384 [FIPS-180-2] | |||
| Diffie-Hellman group 384-bit random ECP group [RFC-4753] | Diffie-Hellman group 384-bit random ECP group [RFC4753] | |||
| Group Type ECP | Group Type ECP | |||
| For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST | |||
| support pre-shared key authentication [RFC-2409] for | support pre-shared key authentication [RFC2409] for | |||
| interoperability. The authentication method used with IKEv1 MAY be | interoperability. The authentication method used with IKEv1 MAY be | |||
| either pre-shared key [RFC-2409] or ECDSA-384 [RFC-4754]. | either pre-shared key [RFC2409] or ECDSA-384 [RFC4754]. | |||
| IKEv2: | IKEv2: | |||
| Encryption AES with 256-bit keys in CBC mode | Encryption AES with 256-bit keys in CBC mode | |||
| [RFC-3602] | [RFC3602] | |||
| Pseudo-random function HMAC-SHA-384 [RFC-2104] | Pseudo-random function HMAC-SHA-384 [RFCxxxx] | |||
| Integrity HMAC-SHA-384-128 [RFC-2104] | Integrity HMAC-SHA-384-192 [RFCxxxx] | |||
| Diffie-Hellman group 384-bit random ECP group [RFC-4753] | Diffie-Hellman group 384-bit random ECP group [RFC4753] | |||
| Authentication ECDSA-384 [RFC-4754] | Authentication ECDSA-384 [RFC4754] | |||
| Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | Rekeying of Phase 2 (for IKEv1) or the CREATE_CHILD_SA (for IKEv2) | |||
| MUST be supported by both parties in this suite. The initiator of | MUST be supported by both parties in this suite. | |||
| this exchange MAY include a new Diffie-Hellman key; if it is | ||||
| included, it MUST be of type 384-bit random ECP. If the initiator | ||||
| of the exchange includes a Diffie-Hellman key, the responder MUST | ||||
| include a Diffie-Hellman key, and it MUST be of type 384-bit random | ||||
| ECP. | ||||
| 4. Security Considerations | 4. Security Considerations | |||
| This document inherits all of the security considerations of the | This document inherits all of the security considerations of the | |||
| IPsec, IKEv1, and IKEv2 documents. See [CNSSP-15] for guidance on | IPsec, IKEv1, and IKEv2 documents. See [CNSSP-15] for guidance on | |||
| the use of AES in these suites for the protection of U.S. Government | the use of AES in these suites for the protection of U.S. Government | |||
| information. | information. | |||
| Some of the security options specified in these suites may be found | Some of the security options specified in these suites may be found | |||
| in the future to have properties significantly weaker than those that | in the future to have properties significantly weaker than those that | |||
| skipping to change at page 6, line 45 ¶ | skipping to change at page 6, line 26 ¶ | |||
| Identifier Defined in | Identifier Defined in | |||
| Suite-B-GCM-128 RFC draft-solinas-ui-suites-00.txt | Suite-B-GCM-128 RFC draft-solinas-ui-suites-00.txt | |||
| Suite-B-GCM-256 RFC draft-solinas-ui-suites-00.txt | Suite-B-GCM-256 RFC draft-solinas-ui-suites-00.txt | |||
| Suite-B-GMAC-128 RFC draft-solinas-ui-suites-00.txt | Suite-B-GMAC-128 RFC draft-solinas-ui-suites-00.txt | |||
| Suite-B-GMAC-256 RFC draft-solinas-ui-suites-00.txt | Suite-B-GMAC-256 RFC draft-solinas-ui-suites-00.txt | |||
| 6. References | 6. References | |||
| 6.1 Normative | 6.1 Normative | |||
| [FIPS-180-2] FIPS 180-2, "Secure Hash Standard", National Institute of | [FIPS-180-2] FIPS 180-2 with change notice, "Secure Hash Standard", | |||
| Standards and Technology, 2002. | National Institute of Standards and Technology, February 2004. | |||
| [IANA-Suites] Internet Assigned Numbers Authority, "Cryptographic | [IANA-Suites] Internet Assigned Numbers Authority, "Cryptographic | |||
| Suites for IKEv1, IKEv2, and IPsec", January 5, 2006. | Suites for IKEv1, IKEv2, and IPsec", January 5, 2006. | |||
| (http://www.iana.org/assignments/crypto-suites) | (http://www.iana.org/assignments/crypto-suites) | |||
| [RFC-2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Hashing for Message Authentication", RFC 2104, February 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC-2409] Harkins, D. and D. Carrel, "The Internet Key Exchange | [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange | |||
| (IKE)", RFC 2409, November 1998. | (IKE)", RFC 2409, November 1998. | |||
| [RFC-3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher | [RFC3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher | |||
| Algorithm and Its Use with IPsec", RFC 3602, September 2003. | Algorithm and Its Use with IPsec", RFC 3602, September 2003. | |||
| [RFC-4106] Viega, J. and D. McGrew, "The Use of Galois/Counter Mode | [RFC4106] Viega, J. and D. McGrew, "The Use of Galois/Counter Mode | |||
| (GCM) in IPsec Encapsulating Security Payload (ESP)", RFC 4106, | (GCM) in IPsec Encapsulating Security Payload (ESP)", RFC 4106, | |||
| June 2005. | June 2005. | |||
| [RFC-4303] Kent, S., "IP Encapsulating Security Payload (ESP)", | [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", | |||
| RFC 4303, December 2005. | RFC 4303, December 2005. | |||
| [RFC-4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", | [RFC4306] Kaufman, C., "Internet Key Exchange (IKEv2) Protocol", | |||
| RFC 4306, December 2005. | RFC 4306, December 2005. | |||
| [RFC-4308] Hoffman, P., "Cryptographic Suites for IPsec", RFC 4308, | [RFC4308] Hoffman, P., "Cryptographic Suites for IPsec", RFC 4308, | |||
| December 2005. | December 2005. | |||
| [RFC-4543] McGrew, D. and J. Viega, "The Use of Galois Message | [RFC4543] McGrew, D. and J. Viega, "The Use of Galois Message | |||
| Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543, May | Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543, May | |||
| 2006. | 2006. | |||
| [RFC-4753] Fu, D. and J. Solinas, "ECP Groups for IKE and IKEv2", | [RFC4753] Fu, D. and J. Solinas, "ECP Groups for IKE and IKEv2", | |||
| RFC-4753, November 2006. | RFC 4753, November 2006. | |||
| [RFC-4754] Fu, D. and J. Solinas, "IKE and IKEv2 Authentication Using | [RFC4754] Fu, D. and J. Solinas, "IKE and IKEv2 Authentication Using | |||
| ECDSA", RFC-4754, November 2006. | ECDSA", RFC 4754, November 2006. | |||
| [RFCxxxx] Kelly, S., and S. Frankel, "Using HMAC-SHA-256, | ||||
| HMAC-SHA-384, and HMAC-SHA-512 With IPsec", RFC xxxx, 2007. | ||||
| 6.2 Informative | 6.2 Informative | |||
| [AES] U.S. Department of Commerce/National Institute of Standards | [AES] U.S. Department of Commerce/National Institute of Standards | |||
| and Technology, "Advanced Encryption Standard (AES)", FIPS PUB 197, | and Technology, "Advanced Encryption Standard (AES)", FIPS PUB 197, | |||
| November 2001. (http://csrc.nist.gov/publications/fips/index.html) | November 2001. (http://csrc.nist.gov/publications/fips/index.html) | |||
| [CNSSP-15] Committee on National Security Systems, "National Policy on | [CNSSP-15] Committee on National Security Systems, "National Policy on | |||
| the Use of the Advanced Encryption Standard (AES) to Protect | the Use of the Advanced Encryption Standard (AES) to Protect | |||
| National Security Systems and National Security Information", June | National Security Systems and National Security Information", June | |||
| 2003. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf) | 2003. (http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf) | |||
| [IANA-IKEv1] Internet Assigned Numbers Authority, Internet Key | [IANA-IKEv1] Internet Assigned Numbers Authority, Internet Key | |||
| Exchange (IKE) Attributes, 5 Jun 2006. | Exchange (IKE) Attributes, 5 Jun 2006. | |||
| (http://www.iana.org/assignments/ipsec-registry) | (http://www.iana.org/assignments/ipsec-registry) | |||
| [IANA-IKEv2] Internet Assigned Numbers Authority, IKEv2 Parameters, 26 | [IANA-IKEv2] Internet Assigned Numbers Authority, IKEv2 Parameters, 26 | |||
| September 2006. | September 2006. | |||
| (http://www.iana.org/assignments/ikev2-parameters) | (http://www.iana.org/assignments/ikev2-parameters) | |||
| [RFC-4634] D. Eastlake 3rd and T. Hansen, "US Secure Hash Algorithms | [RFC4634] D. Eastlake 3rd and T. Hansen, "US Secure Hash Algorithms | |||
| (SHA and HMAC-SHA)", RFC 4634, July 2006. | (SHA and HMAC-SHA)", RFC 4634, July 2006. | |||
| [SuiteB] U.S. National Security Agency, "Fact Sheet NSA Suite B | [SuiteB] U.S. National Security Agency, "Fact Sheet NSA Suite B | |||
| Cryptography", July 2005. | Cryptography", July 2005. | |||
| (http://www.nsa.gov/ia/industry/crypto_Suite_b.cfm?MenuID=10.2.7) | (http://www.nsa.gov/ia/industry/crypto_Suite_b.cfm?MenuID=10.2.7) | |||
| Authors' Addresses | Authors' Addresses | |||
| Laurie E. Law | Laurie E. Law | |||
| National Information Assurance Research Laboratory | National Information Assurance Research Laboratory | |||
| skipping to change at page 8, line 14 ¶ | skipping to change at page 7, line 49 ¶ | |||
| [SuiteB] U.S. National Security Agency, "Fact Sheet NSA Suite B | [SuiteB] U.S. National Security Agency, "Fact Sheet NSA Suite B | |||
| Cryptography", July 2005. | Cryptography", July 2005. | |||
| (http://www.nsa.gov/ia/industry/crypto_Suite_b.cfm?MenuID=10.2.7) | (http://www.nsa.gov/ia/industry/crypto_Suite_b.cfm?MenuID=10.2.7) | |||
| Authors' Addresses | Authors' Addresses | |||
| Laurie E. Law | Laurie E. Law | |||
| National Information Assurance Research Laboratory | National Information Assurance Research Laboratory | |||
| National Security Agency | National Security Agency | |||
| EMail: lelaw@orion.ncsc.mil | EMail: lelaw@orion.ncsc.mil | |||
| Jerome A. Solinas | Jerome A. Solinas | |||
| National Information Assurance Research Laboratory | National Information Assurance Research Laboratory | |||
| National Security Agency | National Security Agency | |||
| EMail: jasolin@orion.ncsc.mil | EMail: jasolin@orion.ncsc.mil | |||
| Comments are solicited and should be addressed to the authors. | ||||
| Full Copyright Statement | Full Copyright Statement | |||
| Copyright (C) The Internet Society (2006). | Copyright (C) The Internet Society (2007). | |||
| This document is subject to the rights, licenses and restrictions | This document is subject to the rights, licenses and restrictions | |||
| contained in BCP 78, and except as set forth therein, the authors | contained in BCP 78, and except as set forth therein, the authors | |||
| retain all their rights. | retain all their rights. | |||
| This document and the information contained herein are provided on an | This document and the information contained herein are provided on an | |||
| "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS | |||
| OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET | |||
| ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, | |||
| INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE | |||
| skipping to change at page 9, line 45 ¶ | skipping to change at page 8, line 45 ¶ | |||
| such proprietary rights by implementers or users of this | such proprietary rights by implementers or users of this | |||
| specification can be obtained from the IETF on-line IPR repository at | specification can be obtained from the IETF on-line IPR repository at | |||
| http://www.ietf.org/ipr. | http://www.ietf.org/ipr. | |||
| The IETF invites any interested party to bring to its attention any | The IETF invites any interested party to bring to its attention any | |||
| copyrights, patents or patent applications, or other proprietary | copyrights, patents or patent applications, or other proprietary | |||
| rights that may cover technology that may be required to implement | rights that may cover technology that may be required to implement | |||
| this standard. Please address the information to the IETF at ietf- | this standard. Please address the information to the IETF at ietf- | |||
| ipr@ietf.org. | ipr@ietf.org. | |||
| Expires June 1, 2007 | Expires July 10, 2007 | |||
| End of changes. 53 change blocks. | ||||
| 97 lines changed or deleted | 80 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||