本文概述了IPsec及相关标准的历史发展,包括IKE、IKEv2、ISAKMP、ESP、AH等协议,详细列出了各标准的状态和应用情况,涵盖了加密算法、认证方法和扩展功能等关键内容。
IPsec and related standards » 历史记录 » 版本 109
Andreas Steffen, 21.08.2015 07:16
Removed Internet Draft which became RFC 7296
IPsec and related standards
This is a list of IPsec and IPsec-related standards and drafts.
If nothing else is noted in the status column the standards and drafts are at least partially implemented by the most current strongSwan release respectively the Linux kernel.
Status codes are as follows: x - Not supported, d - Under development
Status RFC, Internet Draft
IPsec and IKE Roadmap
RFC 6071: IPsec and IKE Document Roadmap
IKEv1
Core Standards
RFC 2407: IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409: Internet Key Exchange (IKE)
Extensions
RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
RFC 3947: Negotiation of NAT-Traversal in the IKE
draft-dukes-ike-mode-cfg: The ISAKMP Configuration Method
draft-ietf-ipsec-isakmp-xauth: Extended Authentication within ISAKMP/Oakley (XAUTH)
draft-jenkins-ipsec-rekeying: IPsec Re-keying Issues
draft-ietf-ipsec-isakmp-hybrid-auth: A Hybrid Authentication Mode for IKE
IKEv2
Core Standards
RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 4307: Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
IANA-IKEv2: IKEv2 Parameters
Extensions
RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
x RFC 4595: Use of IKEv2 in the Fibre Channel Security Association Management Protocol
RFC 6515: The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
RFC 4739: Multiple Authentication Exchanges in the IKEv2 Protocol
RFC 4754: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
x RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
x RFC 5026: Mobile IPv6 Bootstrapping in Split Scenario
RFC 5282: Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
x RFC 5685: Redirect Mechanism for IKEv2
x RFC 5857: IKEv2 Extensions to Support Robust Header Compression over IPsec
x RFC 5723: Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
x RFC 5739: IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 5903: ECP Groups for IKE and IKEv2
RFC 5930: Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
RFC 5998: An Extension for EAP-only Authentication in IKEv2
x RFC 6023: A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
x RFC 6027: IPsec Cluster Problem Statement
x RFC 6290: A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
x RFC 6311: Protocol Support for High Availability of IKEv2/IPsec
d RFC 6467: Secure Password Framework for IKEv2
x RFC 6617: Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
d RFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
d RFC 6631: Password Authenticated Connection Establishment with IKEv2
x RFC 6867: An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
RFC 6932: Brainpool Elliptic Curves for the IKE Group Description Registry
RFC 6954: Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 6989: Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
RFC 7427: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
draft-brunner-ikev2-mediation: IKEv2 Mediation Extension
x draft-laganier-ike-ipv6-cga: Using IKE with IPv6 Cryptographically Generated Addresses
IPsec
Core Standards
RFC 4301: Security Architecture for the Internet Protocol
RFC 4302: IP Authentication Header (AH)
RFC 4303: IP Encapsulating Security Payload (ESP)
RFC 4308: Cryptographic Suites for IPsec
RFC 7321: Cryptographic Algorithm Implementation Requirements and Usage Guidance for ESP and AH
draft-ietf-ipsecme-esp-ah-reqts: Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
Extensions
RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
RFC 2451: The ESP CBC-Mode Cipher Algorithms
RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948: UDP Encapsulation of IPsec ESP Packets
RFC 3686: Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec ESP
RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
x RFC 4494: The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC 5114: Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5529: Modes of Operation for Camellia for Use with IPsec
x RFC 5660: IPsec Channels: Connection Latching
RFC 5879: Heuristics for Detecting ESP-NULL Packets
x RFC 5840: Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
RFC 6379: Suite B Cryptographic Suites for IPsec
RFC 6380: Suite B Profile for Internet Protocol Security (IPsec)
RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting
x RFC 7018: Auto-Discovery VPN Problem Statement and Requirements
Multicast IPsec
x RFC 4046: Multicast Security (MSEC) Group Key Management Architecture
x RFC 4535: GSAKMP: Group Secure Association Key Management Protocol
x RFC 5374: Multicast Extensions to the Security Architecture for the Internet Protocol
x RFC 6054: Using Counter Modes with Encapsulating Security Payload (ESP) and Authentication Header (AH) to Protect Group Traffic
x RFC 6407: The Group Domain of Interpretation (GDOI)
x draft-ietf-msec-gkdp: GKDP: Group Key Distribution Protocol
Mobile IPv6
RFC 4877: Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture
PKI
RFC 2560: Internet X.509 Public Key Infrastructure - Online Certificate Status Protocol - OCSP
RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers
RFC 4518: LDAP Internationalized String Preparation
RFC 4809: Requirements for an IPsec Certificate Management Profile
RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
RFC 5280: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile
RFC 5755: An Internet Attribute Certificate Profile for Authorization
RFC 5759: Suite B Certificate and CRL Profile
draft-nourse-scep: Simple Certificate Enrollment Protocol (SCEP)
EAP
RFC 3748: Extensible Authentication Protocol (EAP)
RFC 4186: EAP Method for GSM Subscriber Identity Modules (EAP-SIM)
RFC 4187: EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
RFC 5216: The EAP-TLS Authentication Protocol
RFC 5281: The EAP-TTLS Authentication Protocol Version 0
x RFC 5448: Improved EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA’)
x RFC 7170: Tunnel EAP Method (TEAP) Version 1
IANA EAP: EAP Method Types
IANA EAP-AKA/SIM: EAP-AKA and EAP-SIM Parameters
RADIUS
RFC 2865: Remote Authentication Dial In User Service (RADIUS)
RFC 2869: RADIUS Extensions
RFC 3579: RADIUS for EAP
DNS
RFC 4025: A Method for Storing IPsec Keying Material in DNS
NEA
RFC 5209: Network Endpoint Assessment (NEA): Overview and Requirements
RFC 5792: PA-TNC: A Posture Attribute (PA) Protocol Compatible with TNC
RFC 5793: PB-TNC: A Posture Broker (PB) Protocol Compatible with TNC
RFC 6876: PT-TLS: Posture Transport Protocol over TLS
RFC 7171: PT-EAP: Posture Transport Protocol For EAP Tunnel Methods
扫一扫
2918
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
