tech-invite   World Map     

IETF     RFCs     Groups     SIP     ABNFs    |    3GPP     Specs     Gloss.     Arch.     IMS     UICC    |    Misc.    |    search     info

RFC 6071

 
 
 

IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap

Part 4 of 4, p. 49 to 63
Prev RFC Part

 


prevText      Top      Up      ToC       Page 49 
9.  Other Protocols That Adapt IKE for Non-IPsec Functionality

   Some protocols protect their traffic through mechanisms other than
   IPsec, but use IKEv2 as a basis for their key negotiation and key
   management functionality.

9.1.  Extensible Authentication Protocol (EAP)

9.1.1.  RFC 5106, The Extensible Authentication Protocol-Internet Key
        Exchange Protocol version 2 (EAP-IKEv2) Method
        (E, February 2008)

   [RFC5106] specifies an Extensible Authentication Protocol (EAP)
   method that is based on the Internet Key Exchange version 2 (IKEv2)
   protocol.  EAP-IKEv2 provides mutual authentication and session-key
   establishment between an EAP peer and an EAP server.  It describes
   the full EAP-IKEv2 message exchange and the composition of the
   protocol messages.

9.2.  Fibre Channel

9.2.1.  RFC 4595, Use of IKEv2 in the Fibre Channel Security Association
        Management Protocol (I, July 2006)

   Fibre Channel (FC) is a gigabit-speed network technology used for
   Storage Area Networking.  The Fibre Channel Security Protocols (FC-
   SP) standard has adapted the IKEv2 protocol [RFC4306] to provide
   authentication of Fibre Channel entities and setup of security
   associations.  Since IP is transported over Fibre Channel and Fibre
   Channel is transported over IP, there is the potential for confusion
   when IKEv2 is used for both IP and FC traffic.  [RFC4595] specifies
   identifiers for IKEv2 over FC in a fashion that ensures that any
   mistaken usage of IKEv2/FC over IP or IKEv2/IP over FC will result in
   a negotiation failure due to the absence of an acceptable proposal.

Top      Up      ToC       Page 50 
9.3.  Wireless Security

9.3.1.  RFC 4705, GigaBeam High-Speed Radio Link Encryption
        (I, October 2006)

   [RFC4705] describes the encryption and key management used by
   GigaBeam as part of the WiFiber(tm) family of radio-link products and
   is intended to serve as a guideline for similar wireless product
   development efforts to include comparable capabilities.  It specifies
   the algorithms that are used to provide confidentiality and integrity
   protection of both subscriber and management traffic.  It also
   specifies a custom security protocol that runs between two Gigabeam
   Radio Control Modules (RCMs).

10.  Acknowledgements

   The authors would like to thank Yaron Sheffer, Paul Hoffman, Yoav
   Nir, Rajeshwar Singh Jenwar, Alfred Hoenes, Al Morton, Gabriel
   Montenegro, Sean Turner, Julien Laganier, Grey Daley, Scott Moonen,
   Richard Graveman, Tero Kivinen, Pasi Eronen, Ran Atkinson, David
   Black, and Tim Polk for reviewing this document and suggesting
   changes.

11.  Security Considerations

   This RFC serves as a review of other documents and introduces no new
   security considerations itself; however, please see each of the
   individual documents described herein for security considerations
   related to each protocol.

12. References

12.1. Informative References

   [BMWG-1]   Kaeo, M. and T. Van Herck, "Methodology for Benchmarking
              IPsec Devices", Work in Progress, July 2009.

   [BMWG-2]   Kaeo, M., Van Herck T., and M. Bustos, "Terminology for
              Benchmarking IPsec Devices", Work in Progress, July 2009.

   [IKE-MODE-CFG]
              Dukes, D. and R. Pereira, "The ISAKMP Configuration
              Method", Work in Progress, September 2001.

   [IKE-XAUTH]
              Beaulieu, S. and R. Pereira, "Extended Authentication
              within IKE (XAUTH)", Work in Progress, October 2001.

Top      Up      ToC       Page 51 
   [ISAKMP-MODE-CFG]
              Pereira, R., Anand, S., and B. Patel, "The ISAKKMP
              Configuration Method", Work in Progress, August 1999.

   [ISAKMP-XAUTH]
              Pereira, R. and S. Beaulieu, "Extended Authentication
              within ISAKMP/Oakley (XAUTH)", Work in Progress, December
              1999.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC2026]  Bradner, S., "The Internet Standards Process -- Revision
              3", BCP 9, RFC 2026, October 1996.

   [RFC2394]  Pereira, R., "IP Payload Compression Using DEFLATE", RFC
              2394, December 1998.

   [RFC2395]  Friend, R. and R. Monsour, "IP Payload Compression Using
              LZS", RFC 2395, December 1998.

   [RFC2401]  Kent, S. and R. Atkinson, "Security Architecture for the
              Internet Protocol", RFC 2401, November 1998.

   [RFC2402]  Kent, S. and R. Atkinson, "IP Authentication Header", RFC
              2402, November 1998.

   [RFC2403]  Madson, C. and R. Glenn, "The Use of HMAC-MD5-96 within
              ESP and AH", RFC 2403, November 1998.

   [RFC2404]  Madson, C. and R. Glenn, "The Use of HMAC-SHA-1-96 within
              ESP and AH", RFC 2404, November 1998.

   [RFC2405]  Madson, C. and N. Doraswamy, "The ESP DES-CBC Cipher
              Algorithm With Explicit IV", RFC 2405, November 1998.

   [RFC2406]  Kent, S. and R. Atkinson, "IP Encapsulating Security
              Payload (ESP)", RFC 2406, November 1998.

   [RFC2407]  Piper, D., "The Internet IP Security Domain of
              Interpretation for ISAKMP", RFC 2407, November 1998.

   [RFC2408]  Maughan, D., Schertler, M., Schneider, M., and J. Turner,
              "Internet Security Association and Key Management Protocol
              (ISAKMP)", RFC 2408, November 1998.

   [RFC2409]  Harkins, D. and D. Carrel, "The Internet Key Exchange
              (IKE)", RFC 2409, November 1998.

Top      Up      ToC       Page 52 
   [RFC2410]  Glenn, R. and S. Kent, "The NULL Encryption Algorithm and
              Its Use With IPsec", RFC 2410, November 1998.

   [RFC2411]  Thayer, R., Doraswamy, N., and R. Glenn, "IP Security
              Document Roadmap", RFC 2411, November 1998.

   [RFC2412]  Orman, H., "The OAKLEY Key Determination Protocol", RFC
              2412, November 1998.

   [RFC2451]  Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher
              Algorithms", RFC 2451, November 1998.

   [RFC2521]  Karn, P. and W. Simpson, "ICMP Security Failures
              Messages", RFC 2521, March 1999.

   [RFC2709]  Srisuresh, P., "Security Model with Tunnel-mode IPsec for
              NAT Domains", RFC 2709, October 1999.

   [RFC2857]  Keromytis, A. and N. Provos, "The Use of HMAC-
              RIPEMD-160-96 within ESP and AH", RFC 2857, June 2000.

   [RFC3051]  Heath, J. and J. Border, "IP Payload Compression Using
              ITU-T V.44 Packet Method", RFC 3051, January 2001.

   [RFC3056]  Carpenter, B. and K. Moore, "Connection of IPv6 Domains
              via IPv4 Clouds", RFC 3056, February 2001.

   [RFC3095]  Bormann, C., Burmeister, C., Degermark, M., Fukushima, H.,
              Hannu, H., Jonsson, L-E., Hakenberg, R., Koren, T., Le,
              K., Liu, Z., Martensson, A., Miyazaki, A., Svanbro, K.,
              Wiebke, T., Yoshimura, T., and H. Zheng, "RObust Header
              Compression (ROHC): Framework and four profiles: RTP, UDP,
              ESP, and uncompressed", RFC 3095, July 2001.

   [RFC3129]  Thomas, M., "Requirements for Kerberized Internet
              Negotiation of Keys", RFC 3129, June 2001.

   [RFC3173]  Shacham, A., Monsour, B., Pereira, R., and M. Thomas, "IP
              Payload Compression Protocol (IPComp)", RFC 3173,
              September 2001.

   [RFC3329]  Arkko, J., Torvinen, V., Camarillo, G., Niemi, A., and T.
              Haukka, "Security Mechanism Agreement for the Session
              Initiation Protocol (SIP)", RFC 3329, January 2003.

   [RFC3456]  Patel, B., Aboba, B., Kelly, S., and V. Gupta, "Dynamic
              Host Configuration Protocol (DHCPv4) Configuration of
              IPsec Tunnel Mode", RFC 3456, January 2003.

Top      Up      ToC       Page 53 
   [RFC3457]  Kelly, S. and S. Ramamoorthi, "Requirements for IPsec
              Remote Access Scenarios", RFC 3457, January 2003.

   [RFC3526]  Kivinen, T. and M. Kojo, "More Modular Exponential (MODP)
              Diffie-Hellman groups for Internet Key Exchange (IKE)",
              RFC 3526, May 2003.

   [RFC3547]  Baugher, M., Weis, B., Hardjono, T., and H. Harney, "The
              Group Domain of Interpretation", RFC 3547, July 2003.

   [RFC3554]  Bellovin, S., Ioannidis, J., Keromytis, A., and R.
              Stewart, "On the Use of Stream Control Transmission
              Protocol (SCTP) with IPsec", RFC 3554, July 2003.

   [RFC3566]  Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96 Algorithm
              and Its Use With IPsec", RFC 3566, September 2003.

   [RFC3585]  Jason, J., Rafalow, L., and E. Vyncke, "IPsec
              Configuration Policy Information Model", RFC 3585, August
              2003.

   [RFC3586]  Blaze, M., Keromytis, A., Richardson, M., and L. Sanchez,
              "IP Security Policy (IPSP) Requirements", RFC 3586, August
              2003.

   [RFC3602]  Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher
              Algorithm and Its Use with IPsec", RFC 3602, September
              2003.

   [RFC3686]  Housley, R., "Using Advanced Encryption Standard (AES)
              Counter Mode With IPsec Encapsulating Security Payload
              (ESP)", RFC 3686, January 2004.

   [RFC3706]  Huang, G., Beaulieu, S., and D. Rochefort, "A Traffic-
              Based Method of Detecting Dead Internet Key Exchange (IKE)
              Peers", RFC 3706, February 2004.

   [RFC3715]  Aboba, B. and W. Dixon, "IPsec-Network Address Translation
              (NAT) Compatibility Requirements", RFC 3715, March 2004.

   [RFC3740]  Hardjono, T. and B. Weis, "The Multicast Group Security
              Architecture", RFC 3740, March 2004.

   [RFC3776]  Arkko, J., Devarapalli, V., and F. Dupont, "Using IPsec to
              Protect Mobile IPv6 Signaling Between Mobile Nodes and
              Home Agents", RFC 3776, June 2004.

Top      Up      ToC       Page 54 
   [RFC3830]  Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and K.
              Norrman, "MIKEY: Multimedia Internet KEYing", RFC 3830,
              August 2004.

   [RFC3884]  Touch, J., Eggert, L., and Y. Wang, "Use of IPsec
              Transport Mode for Dynamic Routing", RFC 3884, September
              2004.

   [RFC3947]  Kivinen, T., Swander, B., Huttunen, A., and V. Volpe,
              "Negotiation of NAT-Traversal in the IKE", RFC 3947,
              January 2005.

   [RFC3948]  Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and M.
              Stenberg, "UDP Encapsulation of IPsec ESP Packets", RFC
              3948, January 2005.

   [RFC4025]  Richardson, M., "A Method for Storing IPsec Keying
              Material in DNS", RFC 4025, March 2005.

   [RFC4046]  Baugher, M., Canetti, R., Dondeti, L., and F. Lindholm,
              "Multicast Security (MSEC) Group Key Management
              Architecture", RFC 4046, April 2005.

   [RFC4093]  Adrangi, F., Ed., and H. Levkowetz, Ed., "Problem
              Statement: Mobile IPv4 Traversal of Virtual Private
              Network (VPN) Gateways", RFC 4093, August 2005.

   [RFC4106]  Viega, J. and D. McGrew, "The Use of Galois/Counter Mode
              (GCM) in IPsec Encapsulating Security Payload (ESP)", RFC
              4106, June 2005.

   [RFC4109]  Hoffman, P., "Algorithms for Internet Key Exchange version
              1 (IKEv1)", RFC 4109, May 2005.

   [RFC4196]  Lee, H., Yoon, J., Lee, S., and J. Lee, "The SEED Cipher
              Algorithm and Its Use with IPsec", RFC 4196, October 2005.

   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
              Internet Protocol", RFC 4301, December 2005.

   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302, December
              2005.

   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)", RFC
              4303, December 2005.

Top      Up      ToC       Page 55 
   [RFC4304]  Kent, S., "Extended Sequence Number (ESN) Addendum to
              IPsec Domain of Interpretation (DOI) for Internet Security
              Association and Key Management Protocol (ISAKMP)", RFC
              4304, December 2005.

   [RFC4305]  Eastlake 3rd, D., "Cryptographic Algorithm Implementation
              Requirements for Encapsulating Security Payload (ESP) and
              Authentication Header (AH)", RFC 4305, December 2005.

   [RFC4306]  Kaufman, C., Ed., "Internet Key Exchange (IKEv2)
              Protocol", RFC 4306, December 2005.

   [RFC4307]  Schiller, J., "Cryptographic Algorithms for Use in the
              Internet Key Exchange Version 2 (IKEv2)", RFC 4307,
              December 2005.

   [RFC4308]  Hoffman, P., "Cryptographic Suites for IPsec", RFC 4308,
              December 2005.

   [RFC4309]  Housley, R., "Using Advanced Encryption Standard (AES) CCM
              Mode with IPsec Encapsulating Security Payload (ESP)", RFC
              4309, December 2005.

   [RFC4312]  Kato, A., Moriai, S., and M. Kanda, "The Camellia Cipher
              Algorithm and Its Use With IPsec", RFC 4312, December
              2005.

   [RFC4322]  Richardson, M. and D. Redelmeier, "Opportunistic
              Encryption using the Internet Key Exchange (IKE)", RFC
              4322, December 2005.

   [RFC4359]  Weis, B., "The Use of RSA/SHA-1 Signatures within
              Encapsulating Security Payload (ESP) and Authentication
              Header (AH)", RFC 4359, January 2006.

   [RFC4430]  Sakane, S., Kamada, K., Thomas, M., and J. Vilhuber,
              "Kerberized Internet Negotiation of Keys (KINK)", RFC
              4430, March 2006.

   [RFC4434]  Hoffman, P., "The AES-XCBC-PRF-128 Algorithm for the
              Internet Key Exchange Protocol (IKE)", RFC 4434, February
              2006.

   [RFC4478]  Nir, Y., "Repeated Authentication in Internet Key Exchange
              (IKEv2) Protocol", RFC 4478, April 2006.

   [RFC4494]  Song, JH., Poovendran, R., and J. Lee, "The AES-CMAC-96
              Algorithm and Its Use with IPsec", RFC 4494, June 2006.

Top      Up      ToC       Page 56 
   [RFC4535]  Harney, H., Meth, U., Colegrove, A., and G. Gross,
              "GSAKMP: Group Secure Association Key Management
              Protocol", RFC 4535, June 2006.

   [RFC4543]  McGrew, D. and J. Viega, "The Use of Galois Message
              Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543,
              May 2006.

   [RFC4552]  Gupta, M. and N. Melam, "Authentication/Confidentiality
              for OSPFv3", RFC 4552, June 2006.

   [RFC4555]  Eronen, P., "IKEv2 Mobility and Multihoming Protocol
              (MOBIKE)", RFC 4555, June 2006.

   [RFC4595]  Maino, F. and D. Black, "Use of IKEv2 in the Fibre Channel
              Security Association Management Protocol", RFC 4595, July
              2006.

   [RFC4615]  Song, J., Poovendran, R., Lee, J., and T. Iwata, "The
              Advanced Encryption Standard-Cipher-based Message
              Authentication Code-Pseudo-Random Function-128 (AES-CMAC-
              PRF-128) Algorithm for the Internet Key Exchange Protocol
              (IKE)", RFC 4615, August 2006.

   [RFC4621]  Kivinen, T. and H. Tschofenig, "Design of the IKEv2
              Mobility and Multihoming (MOBIKE) Protocol", RFC 4621,
              August 2006.

   [RFC4705]  Housley, R. and A. Corry, "GigaBeam High-Speed Radio Link
              Encryption", RFC 4705, October 2006.

   [RFC4718]  Eronen, P. and P. Hoffman, "IKEv2 Clarifications and
              Implementation Guidelines", RFC 4718, October 2006.

   [RFC4739]  Eronen, P. and J. Korhonen, "Multiple Authentication
              Exchanges in the Internet Key Exchange (IKEv2) Protocol",
              RFC 4739, November 2006.

   [RFC4753]  Fu, D. and J. Solinas, "ECP Groups For IKE and IKEv2", RFC
              4753, January 2007.

   [RFC4754]  Fu, D. and J. Solinas, "IKE and IKEv2 Authentication Using
              the Elliptic Curve Digital Signature Algorithm (ECDSA)",
              RFC 4754, January 2007.

   [RFC4806]  Myers, M. and H. Tschofenig, "Online Certificate Status
              Protocol (OCSP) Extensions to IKEv2", RFC 4806, February
              2007.

Top      Up      ToC       Page 57 
   [RFC4807]  Baer, M., Charlet, R., Hardaker, W., Story, R., and C.
              Wang, "IPsec Security Policy Database Configuration MIB",
              RFC 4807, March 2007.

   [RFC4809]  Bonatti, C., Ed., Turner, S., Ed., and G. Lebovitz, Ed.,
              "Requirements for an IPsec Certificate Management
              Profile", RFC 4809, February 2007.

   [RFC4835]  Manral, V., "Cryptographic Algorithm Implementation
              Requirements for Encapsulating Security Payload (ESP) and
              Authentication Header (AH)", RFC 4835, April 2007.

   [RFC4868]  Kelly, S. and S. Frankel, "Using HMAC-SHA-256, HMAC-
              SHA-384, and HMAC-SHA-512 with IPsec", RFC 4868, May 2007.

   [RFC4869]  Law, L. and J. Solinas, "Suite B Cryptographic Suites for
              IPsec", RFC 4869, May 2007.

   [RFC4877]  Devarapalli, V. and F. Dupont, "Mobile IPv6 Operation with
              IKEv2 and the Revised IPsec Architecture", RFC 4877, April
              2007.

   [RFC4891]  Graveman, R., Parthasarathy, M., Savola, P., and H.
              Tschofenig, "Using IPsec to Secure IPv6-in-IPv4 Tunnels",
              RFC 4891, May 2007.

   [RFC4894]  Hoffman, P., "Use of Hash Algorithms in Internet Key
              Exchange (IKE) and IPsec", RFC 4894, May 2007.

   [RFC4945]  Korver, B., "The Internet IP Security PKI Profile of
              IKEv1/ISAKMP, IKEv2, and PKIX", RFC 4945, August 2007.

   [RFC5026]  Giaretta, G., Ed., Kempf, J., and V. Devarapalli, Ed.,
              "Mobile IPv6 Bootstrapping in Split Scenario", RFC 5026,
              October 2007.

   [RFC5106]  Tschofenig, H., Kroeselberg, D., Pashalidis, A., Ohba, Y.,
              and F. Bersani, "The Extensible Authentication Protocol-
              Internet Key Exchange Protocol version 2 (EAP-IKEv2)
              Method", RFC 5106, February 2008.

   [RFC5114]  Lepinski, M. and S. Kent, "Additional Diffie-Hellman
              Groups for Use with IETF Standards", RFC 5114, January
              2008.

   [RFC5201]  Moskowitz, R., Nikander, P., Jokela, P., Ed., and T.
              Henderson, "Host Identity Protocol", RFC 5201, April 2008.

Top      Up      ToC       Page 58 
   [RFC5202]  Jokela, P., Moskowitz, R., and P. Nikander, "Using the
              Encapsulating Security Payload (ESP) Transport Format with
              the Host Identity Protocol (HIP)", RFC 5202, April 2008.

   [RFC5206]  Nikander, P., Henderson, T., Ed., Vogt, C., and J. Arkko,
              "End-Host Mobility and Multihoming with the Host Identity
              Protocol", RFC 5206, April 2008.

   [RFC5207]  Stiemerling, M., Quittek, J., and L. Eggert, "NAT and
              Firewall Traversal Issues of Host Identity Protocol (HIP)
              Communication", RFC 5207, April 2008.

   [RFC5213]  Gundavelli, S., Ed., Leung, K., Devarapalli, V.,
              Chowdhury, K., and B. Patil, "Proxy Mobile IPv6", RFC
              5213, August 2008.

   [RFC5225]  Pelletier, G. and K. Sandlund, "RObust Header Compression
              Version 2 (ROHCv2): Profiles for RTP, UDP, IP, ESP and
              UDP-Lite", RFC 5225, April 2008.

   [RFC5265]  Vaarala, S. and E. Klovning, "Mobile IPv4 Traversal across
              IPsec-Based VPN Gateways", RFC 5265, June 2008.

   [RFC5266]  Devarapalli, V. and P. Eronen, "Secure Connectivity and
              Mobility Using Mobile IPv4 and IKEv2 Mobility and
              Multihoming (MOBIKE)", BCP 136, RFC 5266, June 2008.

   [RFC5282]  Black, D. and D. McGrew, "Using Authenticated Encryption
              Algorithms with the Encrypted Payload of the Internet Key
              Exchange version 2 (IKEv2) Protocol", RFC 5282, August
              2008.

   [RFC5380]  Soliman, H., Castelluccia, C., ElMalki, K., and L.
              Bellier, "Hierarchical Mobile IPv6 (HMIPv6) Mobility
              Management", RFC 5380, October 2008.

   [RFC5386]  Williams, N. and M. Richardson, "Better-Than-Nothing
              Security: An Unauthenticated Mode of IPsec", RFC 5386,
              November 2008.

   [RFC5374]  Weis, B., Gross, G., and D. Ignjatic, "Multicast
              Extensions to the Security Architecture for the Internet
              Protocol", RFC 5374, November 2008.

   [RFC5387]  Touch, J., Black, D., and Y. Wang, "Problem and
              Applicability Statement for Better-Than-Nothing Security
              (BTNS)", RFC 5387, November 2008.

Top      Up      ToC       Page 59 
   [RFC5406]  Bellovin, S., "Guidelines for Specifying the Use of IPsec
              Version 2", BCP 146, RFC 5406, February 2009.

   [RFC5529]  Kato, A., Kanda, M., and S. Kanno, "Modes of Operation for
              Camellia for Use with IPsec", RFC 5529, April 2009.

   [RFC5566]  Berger, L., White, R., and E. Rosen, "BGP IPsec Tunnel
              Encapsulation Attribute", RFC 5566, June 2009.

   [RFC5568]  Koodli, R., Ed., "Mobile IPv6 Fast Handovers", RFC 5568,
              July 2009.

   [RFC5570]  StJohns, M., Atkinson, R., and G. Thomas, "Common
              Architecture Label IPv6 Security Option (CALIPSO)", RFC
              5570, July 2009.

   [RFC5660]  Williams, N., "IPsec Channels: Connection Latching", RFC
              5660, October 2009.

   [RFC5685]  Devarapalli, V. and K. Weniger, "Redirect Mechanism for
              the Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
              5685, November 2009.

   [RFC5723]  Sheffer, Y. and H. Tschofenig, "Internet Key Exchange
              Protocol Version 2 (IKEv2) Session Resumption", RFC 5723,
              January 2010.

   [RFC5739]  Eronen, P., Laganier, J., and C. Madson, "IPv6
              Configuration in Internet Key Exchange Protocol Version 2
              (IKEv2)", RFC 5739, February 2010.

   [RFC5840]  Grewal, K., Montenegro, G., and M. Bhatia, "Wrapped
              Encapsulating Security Payload (ESP) for Traffic
              Visibility", RFC 5840, April 2010.

   [RFC5856]  Ertekin, E., Jasani, R., Christou, C., and C. Bormann,
              "Integration of Robust Header Compression over IPsec
              Security Associations", RFC 5856, May 2010.

   [RFC5857]  Ertekin, E., Christou, C., Jasani, R., Kivinen, T., and C.
              Bormann, "IKEv2 Extensions to Support Robust Header
              Compression over IPsec", RFC 5857, May 2010.

   [RFC5858]  Ertekin, E., Christou, C., and C. Bormann, "IPsec
              Extensions to Support Robust Header Compression over
              IPsec", RFC 5858, May 2010.

Top      Up      ToC       Page 60 
   [RFC5879]  Kivinen, T. and D. McDonald, "Heuristics for Detecting
              ESP-NULL Packets", RFC 5879, May 2010.

   [RFC5903]  Fu, D. and J. Solinas, "Elliptic Curve Groups modulo a
              Prime (ECP Groups) for IKE and IKEv2", RFC 5903, June
              2010.

   [RFC5930]  Shen, S., Mao, Y., and NSS. Murthy, "Using Advanced
              Encryption Standard Counter Mode (AES-CTR) with the
              Internet Key Exchange version 02 (IKEv2) Protocol", RFC
              5930, July 2010.

   [RFC5996]  Kaufman, C., Hoffman, P., Nir, Y., and P. Eronen,
              "Internet Key Exchange Protocol Version 2 (IKEv2)", RFC
              5996, September 2010.

   [RFC5998]  Eronen, P., Tschofenig, H., and Y. Sheffer, "An Extension
              for EAP-Only Authentication in IKEv2", RFC 5998, September
              2010.

   [RFC6027]  Nir, Y., "IPsec Cluster Problem Statement", RFC 6027,
              October 2010.

Top      Up      ToC       Page 61 
Appendix A.  Summary of Algorithm Requirement Levels

                   Table 1: Algorithm Requirement Levels

 +--------------------------+----------------------------------------+
 |         ALGORITHM        |            REQUIREMENT LEVEL           |
 |                          | IKEv1     IKEv2     IPsec-v2  IPsec-v3 |
 +--------------------------+----------------------------------------+
 |Encryption Algorithms:                                             |
 |---------------------                                              |
 | ESP-NULL                 | N/A       N/A       MUST      MUST     |
 |                          |                                        |
 | 3DES-CBC                 | MUST      MUST-     MUST      MUST-    |
 |                          |                                        |
 | Blowfish/CAST/IDEA/RC5   | optional  optional  optional  optional |
 |                          |                                        |
 | AES-CBC 128-bit key      | SHOULD    SHOULD+   MUST      MUST     |
 |                          |                                        |
 | AES-CBC 192/256-bit key  | optional  optional  optional  optional |
 |                          |                                        |
 | AES-CTR                  | undefined optional  SHOULD    SHOULD   |
 |                          |                                        |
 | Camellia-CBC             | optional  optional  optional  optional |
 |                          |                                        |
 | Camellia-CTR             | undefined undefined undefined optional |
 |                          |                                        |
 | SEED-CBC                 | undefined undefined optional  undefined|
 |                          |                                        |
 |Integrity-Protection Algorithms:                                   |
 |------------------------------                                     |
 | HMAC-SHA-1               | MUST      MUST      MUST      MUST     |
 |                          |                                        |
 | AES-XCBC-MAC             | undefined optional  SHOULD+   SHOULD+  |
 |                          |                                        |
 | HMAC-SHA-256/384/512     | optional  optional  optional  optional |
 |                          |                                        |
 | AES-GMAC                 | N/A       N/A       undefined optional |
 |                          |                                        |
 | HMAC-MD5                 | MAY       optional  MAY       MAY      |
 |                          |                                        |
 | AES-CMAC                 | undefined optional  undefined optional |
 |                          |                                        |
 | HMAC-RIPEMD              | undefined undefined optional  undefined|
 +--------------------------+----------------------------------------+

Top      Up      ToC       Page 62 
           Table 1: Algorithm Requirement Levels (continued)

 +--------------------------+----------------------------------------+
 |         ALGORITHM        |            REQUIREMENT LEVEL           |
 |                          | IKEv1     IKEv2     IPsec-v2  IPsec-v3 |
 +--------------------------+----------------------------------------+
 |Combined Mode Algorithms:                                          |
 |------------------------                                           |
 | AES-CCM                  | N/A       optional  N/A       optional |
 |                          |                                        |
 | AES-GCM                  | N/A       optional  N/A       optional |
 |                          |                                        |
 | AES-GMAC                 | N/A       N/A       undefined optional |
 |                          |                                        |
 | Camellia-CCM             | N/A       undefined N/A       optional |
 |                          |                                        |
 |Pseudorandom Functions:                                            |
 |-----------------------                                            |
 | PRF-HMAC-SHA1            | MUST      MUST                         |
 |                          |                                        |
 | PRF-HMAC-SHA-256/384/512 | optional  optional                     |
 |                          |                                        |
 | AES-XCBC-PRF             | undefined SHOULD+                      |
 |                          |                                        |
 | AES-CMAC-PRF             | undefined optional                     |
 |                          |                                        |
 |Diffie-Hellman Algorithms:                                         |
 |-------------------------                                          |
 | DH MODP grp 1            | MAY       optional                     |
 |                          |                                        |
 | DH MODP grp 2            | MUST      MUST-                        |
 |                          |                                        |
 | DH MODP grp 5            | optional  optional                     |
 |                          |                                        |
 | DH MODP grp 14           | SHOULD    SHOULD+                      |
 |                          |                                        |
 | DH MODP grp 15-18        | optional  optional                     |
 |                          |                                        |
 | DH MODP grp 22-24        | optional  optional                     |
 |                          |                                        |
 | DH EC grp 3-4            | MAY       undefined                    |
 |                          |                                        |
 | DH EC grp 19-21          | optional  optional                     |
 |                          |                                        |
 | DH EC grp 25-26          | optional  optional                     |
 +--------------------------+----------------------------------------+

Top      Up      ToC       Page 63 
Authors' Addresses

   Sheila Frankel
   NIST
   Bldg. 223 Rm. B366
   Gaithersburg, MD 20899

   Phone: 1-301-975-3297
   EMail: sheila.frankel@nist.gov


   Suresh Krishnan
   Ericsson
   8400 Decarie Blvd.
   Town of Mount Royal, QC
   Canada

   Phone: 1-514-345-7900 x42871
   EMail: suresh.krishnan@ericsson.com