RFC - 2407

The Internet IP Security Domain of Interpretation for ISAKMP

Original:	ftp://ftp.isi.edu/in-notes/rfc2407.txt
Authors:	D. Piper [Network Alchemy]
Date:	November 1998
Category:	Informational
This specification has been !!! obsoleted !!!

---

Obsoleted by:
RFC-4306prop	Internet Key Exchange (IKEv2) Protocol

Referred by:	62 RFC
Refers to:	20 RFC

---

Status

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

IESG Note

Section 4.4.4.2 states, "All implememtations within the IPSEC DOI MUST support ESP_DES...". Recent work in the area of cryptanalysis suggests that DES may not be sufficiently strong for many applications. Therefore, it is very likely that the IETF will deprecate the use of ESP_DES as a mandatory cipher suite in the near future. It will remain as an optional use protocol. Although the IPsec working group and the IETF in general have not settled on an alternative algorithm (taking into account concerns of security and performance), implementers may want to heed the recommendations of section 4.4.4.3 on the use of ESP_3DES.

Abstract

The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management and cryptographic key establishment for the Internet. This framework consists of defined exchanges, payloads, and processing guidelines that occur within a given Domain of Interpretation (DOI). This document defines the Internet IP Security DOI (IPSEC DOI), which instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate security associations.

For a list of changes since the previous version of the IPSEC DOI, please see Section 7.

---