IPSEC WG                                                   M. Richardson
Internet-Draft                                                       SSW
Expires: June 15, 2004                                 December 16, 2003

                     Initial IANA registry contents
                   draft-ietf-ipsec-ikev2-iana-00.txt

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 15, 2004.

Copyright Notice

   Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

   This is a non-standards track document that tells IANA how to
   populate the initial IKEv2 registries.

Table of Contents

   1.   List of Registries
   2.   IKEv2 Exchange Types
   3.   IKEv1 Payload Types
   4.   IKEv2 Payload Types
   5.   IKEv2 Transform Types
   5.1  IKEv2 Transform Attribute Types
   5.2  IKEv2 Encryption Transform Values
   5.3  IKEv2 Pseudo-random Function Transform Values
   5.4  IKEv2 Integrity Algorithm Transform Values
   5.5  IKEv2 Diffie-Hellman, ECP and EC2N Transform Values
   5.6  IKEv2 Extended Sequence Numbers Transform Values
   6.   IKEv2 Identification Types
   7.   IKEv2 Certification Payload Format
   8.   IKEv2 Authentication Method
   9.   IKEv2 Notification Payload Types
   9.1  IKEv2 IPCOMP Algorithm Types
   10.  IKEv2 Security Protocol Identifiers
   11.  IKEv2 Traffic Selector Types
   12.  IKEv2 Configuration (CFG) Payload Types
   13.  IKEv2 Configuration Payload Attribute Types
        Normative references
        Author's Address
        Full Copyright Statement

1. List of Registries

   The following registries should be created.

   Note: when creating a new Transform Type, a new registry for it must
   be created.

   *  IKEv2 Exchange Types
   *  IKEv2 Payload Types
   *  IKEv2 Transform Types
   *  IKEv2 Transform Attribute Types
   *  IKEv2 Encryption Transform Values
   *  IKEv2 Pseudo-random Function Transform Values
   *  IKEv2 Integrity Algorithm Transform Values
   *  IKEv2 Diffie-Hellman, ECP and EC2N Transform Values
   *  IKEv2 Extended Sequence Numbers Transform Values
   *  IKEv2 Identification Types
   *  IKEv2 Certification Payload Format
   *  IKEv2 Authentication Method
   *  IKEv2 Notification Payload Type
   *  IKEv2 IPComp Transform IDs
   *  IKEv2 Security Protocol ID
   *  IKEv2 Traffic Selector Types
   *  IKEv2 Configuration request types
   *  IKEv2 Configuration attribute types

2. IKEv2 Exchange Types

   The exchange type occurs in the IKEv2 header.

      Exchange Type               VALUE
      ========================    =======
      RESERVED                    0-33
      IKE_SA_INIT                 34
      IKE_AUTH                    35
      CREATE_CHILD_SA             36
      INFORMATIONAL               37
      Reserved for IKEv2+         38-239
      Reserved for private use    240-255

3. IKEv1 Payload Types

   Add

      RESERVED                    33-63

4. IKEv2 Payload Types

      NAME                            ACRONYM    VALUE
      ============================    =======    =======
      No Next Payload                            0
      RESERVED                                   1-32
      Security Association            SA         33
      Key Exchange                    KE         34
      Identification - Initiator      IDi        35
      Identification - Responder      IDr        36
      Certificate                     CERT       37
      Certificate Request             CERTREQ    38
      Authentication                  AUTH       39
      Nonce                           Ni, Nr     40
      Notify                          N          41
      Delete                          D          42
      Vendor ID                       V          43
      Traffic Selector - Initiator    TSi        44
      Traffic Selector - Responder    TSr        45
      Encrypted                       E          46
      Configuration                   CP         47
      Extended Authentication         EAP        48
      RESERVED TO IANA                           49-127
      PRIVATE USE                                128-255

5. IKEv2 Transform Types

      Transform Type               NUMBER
      =========================    =======
      Encryption Algorithm         1
      Pseudo-random Function       2
      Integrity Algorithm          3
      Diffie-Hellman/ECC Group     4
      Extended Sequence Numbers    5
      RESERVED TO IANA             6-240
      PRIVATE USE                  241-255

5.1 IKEv2 Transform Attribute Types

      Attribute Type           value          Attribute Format
      --------------------------------------------------------
      RESERVED                 0-13
      Key Length (in bits)     14             TV
      RESERVED                 15-17
      RESERVED TO IANA         18-16383
      PRIVATE USE              16384-32767

5.2 IKEv2 Encryption Transform Values

   For Transform Type 1 (Encryption Algorithm), defined Transform IDs
   are:

      Name                      Number        Defined In
      ======================    ==========    ==========
      RESERVED                  0
      ENCR_DES_IV64             1             (RFC1827)
      ENCR_DES                  2             (RFC2405)
      ENCR_3DES                 3             (RFC2451)
      ENCR_RC5                  4             (RFC2451)
      ENCR_IDEA                 5             (RFC2451)
      ENCR_CAST                 6             (RFC2451)
      ENCR_BLOWFISH             7             (RFC2451)
      ENCR_3IDEA                8             (RFC2451)
      ENCR_DES_IV32             9
      ENCR_RC4                  10
      ENCR_NULL                 11            (RFC2410)
      ENCR_AES_CBC              12
      ENCR_AES_CTR              13
      RESERVED TO IANA          14-1023
      PRIVATE USE               1024-65535

5.3 IKEv2 Pseudo-random Function Transform Values

   For Transform Type 2 (Pseudo-random Function), defined Transform IDs
   are:

      Name                      Number        Defined In
      ======================    ==========    ==========
      RESERVED                  0
      PRF_HMAC_MD5              1             (RFC2104)
      PRF_HMAC_SHA1             2             (RFC2104)
      PRF_HMAC_TIGER            3             (RFC2104)
      PRF_AES_CBC               4
      RESERVED TO IANA          5-1023
      PRIVATE USE               1024-65535

5.4 IKEv2 Integrity Algorithm Transform Values

   For Transform Type 3 (Integrity Algorithm), defined Transform IDs
   are:

      Name                      Number        Defined In
      ======================    ==========    ==========
      NONE                      0
      AUTH_HMAC_MD5_96          1             (RFC2403)
      AUTH_HMAC_SHA1_96         2             (RFC2404)
      AUTH_DES_MAC              3
      AUTH_KPDK_MD5             4             (RFC1826)
      AUTH_AES_XCBC_96          5
      RESERVED TO IANA          6-1023
      PRIVATE USE               1024-65535

5.5 IKEv2 Diffie-Hellman, ECP and EC2N Transform Values

   For Transform Type 4 (Diffie-Hellman, ECP and EC2N Group), defined
   Transform IDs are: (see also [1])

      Name                      Number        Defined In
      ======================    ==========    ================
      NONE                      0
      768-bit MODP group        1             (IKEv2 B.1)
      1024-bit MODP group       2             (IKEv2 B.2)
      155-bit EC2N              3             (IKEv2 B.3)
      185-bit EC2N              4             (IKEv2 B.4)
      1536-bit MODP group       5             (RFC3526, sec 2)
      RESERVED TO IANA          6-13
      2048-bit MODP group       14            (RFC3526, sec 3)
      3072-bit MODP group       15            (RFC3526, sec 4)
      4096-bit MODP group       16            (RFC3526, sec 5)
      6144-bit MODP group       17            (RFC3526, sec 6)
      8192-bit MODP group       18            (RFC3526, sec 7)
      RESERVED TO IANA          19-1023
      PRIVATE USE               1024-65535

5.6 IKEv2 Extended Sequence Numbers Transform Values

   For Transform Type 5 (Extended Sequence Numbers), defined Transform
   IDs are:

      Name                            Number      Defined In
      ============================    ========    ==========
      No Extended Sequence Numbers    0           (IKEv2)
      Extended Sequence Numbers       1
      RESERVED TO IANA                2-65535

6. IKEv2 Identification Types

      Name                          Number    Defined In
      ==========================    ======    ====================
      RESERVED                      0         (IKEv2, section 3.5)
      ID_IPV4_ADDR                  1         (IKEv2, section 3.5)
      ID_FQDN                       2         (IKEv2, section 3.5)
      ID_RFC822_ADDR                3         (IKEv2, section 3.5)
      RESERVED                      4         (IKEv2, section 3.5)
      ID_IPV6_ADDR                  5         (IKEv2, section 3.5)
      RESERVED                      6         (IKEv2, section 3.5)
      RESERVED                      7         (IKEv2, section 3.5)
      RESERVED                      8         (IKEv2, section 3.5)
      ID_DER_ASN1_DN                9         (IKEv2, section 3.5)
      ID_DER_ASN1_GN                10        (IKEv2, section 3.5)
      ID_KEY_ID                     11        (IKEv2, section 3.5)
      RESERVED TO IANA              12-255

7. IKEv2 Certification Payload Format

      Name                                 Number      Defined In
      =================================    ========    ====================
      RESERVED                             0           (IKEv2, section 3.6)
      PKCS #7 wrapped X.509 certificate    1           (IKEv2, section 3.6)
      PGP Certificate                      2           (IKEv2, section 3.6)
      DNS Signed Key                       3           (IKEv2, section 3.6)
      X.509 Certificate - Signature        4           (IKEv2, section 3.6)
      Kerberos Token                       6           (IKEv2, section 3.6)
      Certificate Revocation List (CRL)    7           (IKEv2, section 3.6)
      Authority Revocation List (ARL)      8           (IKEv2, section 3.6)
      SPKI Certificate                     9           (IKEv2, section 3.6)
      X.509 Certificate - Attribute        10          (IKEv2, section 3.6)
      Raw RSA Key                          11          (IKEv2, section 3.6)
      Hash and URL of PKIX certificate     12          (IKEv2, section 3.6)
      Hash and URL of PKIX bundle          13          (IKEv2, section 3.6)
      RESERVED TO IANA                     14 - 200
      PRIVATE USE                          201 - 255

8. IKEv2 Authentication Method

   The authentication method occurs in the Authentication Payload in
   IKEv2 section 3.8.

      Name                                 Number     Defined In
      =================================    =======    ====================
      RESERVED                             0          (IKEv2)
      RSA Digital Signature                1          (IKEv2 section 2.15)
      Shared Key Message Integrity Code    2          (IKEv2 section 2.15)
      DSS Digital Signature                3          (IKEv2 section 2.15)
      RESERVED TO IANA                     4-200
      PRIVATE USE                          201-255

9. IKEv2 Notification Payload Types

   The notification type occurs in the Notification Payload in IKEv2
   section 3.10.1. Error types are 0-16383. Status types are
   16384-65535.

      Name                               Number           Defined In
      ===============================    =============    ======================
      Error Types
      RESERVED                           0
      UNSUPPORTED_CRITICAL_PAYLOAD       1                (IKEv2 section 3.10.1)
      RESERVED                           2,3
      INVALID_IKE_SPI                    4                (IKEv2 section 3.10.1)
      INVALID_MAJOR_VERSION              5                (IKEv2 section 3.10.1)
      RESERVED                           6
      INVALID_SYNTAX                     7                (IKEv2 section 3.10.1)
      RESERVED                           8
      INVALID_MESSAGE_ID                 9                (IKEv2 section 3.10.1)
      RESERVED                           10
      INVALID_SPI                        11               (IKEv2 section 3.10.1)
      RESERVED                           12,13
      NO_PROPOSAL_CHOSEN                 14               (IKEv2 section 3.10.1)
      RESERVED                           15,16
      INVALID_KE_PAYLOAD                 17               (IKEv2 section 3.10.1)
      RESERVED                           18-23
      AUTHENTICATION_FAILED              24               (IKEv2 section 3.10.1)
      RESERVED                           25-33
      SINGLE_PAIR_REQUIRED               34               (IKEv2 section 3.10.1)
      NO_ADDITIONAL_SAS                  35               (IKEv2 section 3.10.1)
      INTERNAL_ADDRESS_FAILURE           36               (IKEv2 section 3.10.1)
      FAILED_CP_REQUIRED                 37               (IKEv2 section 3.10.1)
      TS_UNACCEPTABLE                    38               (IKEv2 section 3.10.1)
      RESERVED TO IANA - Error types     39 - 8191
      Private Use - Errors               8192 - 16383

      Status Types
      INITIAL_CONTACT                    16384            (IKEv2 section 3.10.1)
      SET_WINDOW_SIZE                    16385            (IKEv2 section 3.10.1)
      ADDITIONAL_TS_POSSIBLE             16386            (IKEv2 section 3.10.1)
      IPCOMP_SUPPORTED                   16387            (IKEv2 section 3.10.1)
      NAT_DETECTION_SOURCE_IP            16388            (IKEv2 section 3.10.1)
      NAT_DETECTION_DESTINATION_IP       16389            (IKEv2 section 3.10.1)
      COOKIE                             16390            (IKEv2 section 3.10.1)
      USE_TRANSPORT_MODE                 16391            (IKEv2 section 3.10.1)
      HTTP_CERT_LOOKUP_SUPPORTED         16392            (IKEv2 section 3.10.1)
      REKEY_SA                           16393            (IKEv2 section 3.10.1)
      RESERVED TO IANA - STATUS TYPES    16394 - 40959
      Private Use - STATUS TYPES         40960 - 65535

9.1 IKEv2 IPCOMP Algorithm Types

   The IPCOMP notification type occurs in a Notification Payload of type
   IPCOMP_SUPPORTED (16387). The transform IDs currently defined are:

      NAME                NUMBER     DEFINED IN
      ----------------    -------    ----------
      RESERVED            0
      IPCOMP_OUI          1
      IPCOMP_DEFLATE      2          RFC 2394
      IPCOMP_LZS          3          RFC 2395
      IPCOMP_LZJH         4          RFC 3051
      RESERVED TO IANA    5-240
      PRIVATE USE         241-255

10. IKEv2 Security Protocol Identifiers

   The security protocol ID occurs in the Delete Payload, in IKEv2
   section 3.11.

      Name                                   Number     Defined In
      ===================================    =======    ====================
      RESERVED                               0          (IKEv2)
      IKE_SA                                 1          (IKEv2 section 3.11)
      AH - authentication header             2          (IKEv2 section 3.11)
      ESP - encapsulated security payload    3          (IKEv2 section 3.11)
      RESERVED TO IANA                       4-200
      PRIVATE USE                            201-255

11. IKEv2 Traffic Selector Types

   The traffic selector type occurs in Traffic Selector Payloads,
   defined in IKEv2 section 3.13.

      Name                          Number    Defined In
      ==========================    ======    ======================
      RESERVED                      0-6
      TS_IPV4_ADDR_RANGE            7         (IKEv2 section 3.13.1)
      TS_IPV6_ADDR_RANGE            8         (IKEv2 section 3.13.1)
      RESERVED TO IANA              9-255

12. IKEv2 Configuration (CFG) Payload Types

   The CFG type occurs in the Configuration Payload, defined in IKEv2
   section 3.15.

      CFG Type            Value
      ================    =======
      RESERVED            0
      CFG_REQUEST         1
      CFG_REPLY           2
      CFG_SET             3
      CFG_ACK             4
      RESERVED TO IANA    5-127
      PRIVATE USE         128-255

13. IKEv2 Configuration Payload Attribute Types

   The CFG attribute type occurs in the Configuration Payload, defined
   in IKEv2 section 3.15. Note this is a 15 bit field.

                                                Multi-
      Attribute Type             Value          Valued    Length
      =======================    ===========    ======    ==================
      RESERVED                   0
      INTERNAL_IP4_ADDRESS       1              YES*      0 or 4 octets
      INTERNAL_IP4_NETMASK       2              NO        0 or 4 octets
      INTERNAL_IP4_DNS           3              YES       0 or 4 octets
      INTERNAL_IP4_NBNS          4              YES       0 or 4 octets
      INTERNAL_ADDRESS_EXPIRY    5              NO        0 or 4 octets
      INTERNAL_IP4_DHCP          6              YES       0 or 4 octets
      APPLICATION_VERSION        7              NO        0 or more
      INTERNAL_IP6_ADDRESS       8              YES*      0 or 16 octets
      INTERNAL_IP6_NETMASK       9              NO        0 or 16 octets
      INTERNAL_IP6_DNS           10             YES       0 or 16 octets
      INTERNAL_IP6_NBNS          11             YES       0 or 16 octets
      INTERNAL_IP6_DHCP          12             YES       0 or 16 octets
      INTERNAL_IP4_SUBNET        13             NO        0 or 8 octets
      SUPPORTED_ATTRIBUTES       14             NO        Multiple of 2
      INTERNAL_IP6_SUBNET        15             NO        17 octets
      RESERVED TO IANA           16-16383
      PRIVATE USE                16384-32767

      * These attributes may be multi-valued on return only if
        multiple values were requested.

Normative references

   [1]  Kivinen, T. and M. Kojo, "More Modular Exponential (MODP)
        Diffie-Hellman groups for Internet Key Exchange (IKE)", RFC
        3526, May 2003.

Author's Address

   Michael C. Richardson
   Sandelman Software Works
   470 Dawson Avenue
   Ottawa, ON K1Z 5V7
   CA

   EMail: mcr@sandelman.ottawa.on.ca
   URI:   http://www.sandelman.ottawa.on.ca/

Full Copyright Statement

   Copyright (C) The Internet Society (2003). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.