RFC 2407: The Internet IP Security Domain of Interp...
RFC-Ref

ISAKMP



... The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management ...
... DOI (IPSEC DOI), which instantiates ISAKMP for use with IP when IP uses ISAKMP ...
... ISAKMP for use with IP when IP uses ISAKMP to negotiate security associations. ...


... Within ISAKMP, a Domain of Interpretation is used to group related ...
... Domain of Interpretation is used to group related protocols using ISAKMP to negotiate security associations. Security protocols sharing a DOI ...
... Overall, ISAKMP places the following requirements on a DOI ...


... Within ISAKMP, all DOI's must be registered with the IANA in the ...
... Within ISAKMP, the Situation provides information that can be used by the responder to make a policy determination about how to process the ...
... It is expected that many systems choosing to implement ISAKMP will strive to provide a protected domain of execution for a combined IKE ...
... The ISAKMP proposal syntax was specifically designed to allow for the simultaneous negotiation of multiple Phase II security protocol ...
... The following table lists the values for the Security Protocol Identifiers referenced in an ISAKMP Proposal Payload for the IPSEC DOI. ...
... ----------- ----- RESERVED 0 PROTO_ISAKMP 1 PROTO_IPSEC_AH ...
... PROTO_ISAKMP ...
... The PROTO_ISAKMP type specifies message protection required during Phase I of the ISAKMP protocol. The specific protection mechanism ...
... The PROTO_ISAKMP type specifies message protection required during Phase I of the ISAKMP protocol. The specific protection mechanism used for the IPSEC DOI is described in [IKE ...
... IKE]. All implementations within the IPSEC DOI MUST support PROTO_ISAKMP. ...
... NB: ISAKMP reserves the value one (1) across all DOI definitions. ...
... IPSEC ISAKMP Transform Identifiers ...
... As part of an ISAKMP Phase I negotiation, the initiator's choice of ...
... description. The actual selection of Key Exchange mechanism is made using the standard ISAKMP Proposal Payload. The following table lists the defined ISAKMP ...
... ISAKMP Proposal Payload. The following table lists the defined ISAKMP Phase I Transform Identifiers for the Proposal Payload ...
... Within the ISAKMP and IPSEC DOI framework it is possible to define ...
... The IPSEC DOI can still be extended later to include values for additional non-Oakley key establishment protocols for ISAKMP and IPSEC, such as Kerberos ...
... The KEY_IKE type specifies the hybrid ISAKMP/Oakley Diffie-Hellman key exchange (IKE) as defined in the [IKE ...
... defined AH Transform Identifiers for the ISAKMP Proposal Payload for the IPSEC DOI ...
... following table lists the defined ESP Transform Identifiers for the ISAKMP Proposal Payload for the IPSEC DOI. ...
... IPCOMP Transform Identifiers for the ISAKMP Proposal Payload within the ...
... Length (V). Encoding of these attributes is defined in the base ISAKMP specification. ...
... semantics, the IPSEC DOI requires that a conforming ISAKMP implementation MUST correctly parse an attribute list that contains multiple instances of the same attribute class, so ...
... responder is willing to accept, the responder SHOULD include an ISAKMP Notification Payload ...
... The following sections describe those ISAKMP payloads whose data representations are dependent on the applicable DOI ...
... ISAKMP defines two blocks of Notify Message codes, one for errors and one for status messages. ISAKMP ...
... ISAKMP defines two blocks of Notify Message codes, one for errors and one for status messages. ISAKMP also allocates a portion of each block for private use within a DOI ...
... Notification Status Messages MUST be sent under the protection of an ISAKMP SA: either as a payload in the last Main Mode exchange; in a ...
... Implementation Note: the ISAKMP protocol does not guarantee delivery of Notification ...
... of Notification Status messages when sent in an ISAKMP Informational Exchange. To ensure receipt of any particular message, the sender ...
... SA o SPI Size - set to either sixteen (16) (two eight-octet ISAKMP cookies) or four (4) (one IPSEC ...
... LIFETIME (Section 4.6.3) o SPI - set to the two ISAKMP cookies or to the sender's inbound ...
... SPI o Notification Data - contains an ISAKMP attribute list with the responder's actual SA lifetime ...
... SA o SPI Size - set to either sixteen (16) (two eight-octet ISAKMP cookies) or four (4) (one IPSEC ...
... Notify Message Type - set to REPLAY-STATUS o SPI - set to the two ISAKMP cookies or to the sender's inbound ...
... SA o SPI Size - set to sixteen (16) (two eight-octet ISAKMP cookies) o Notify Message Type ...
... Notify Message Type - set to INITIAL-CONTACT o SPI - set to the two ISAKMP cookies o Notification ...


... Internet Key Exchange protocol ([IKE]), which combines ISAKMP ([ISAKMP]) and Oakley ([OAKLEY]) to ...


... IPSEC ISAKMP Transform Identifiers ...
... The IPSEC ISAKMP Transform Identifier is an 8-bit value which ...
... key exchange protocol to be used for the negotiation. Requests for assignments of new ISAKMP transform identifiers must be accompanied by an RFC which describes the requested key exchange protocol ...
... IPSEC SA attributes are used to pass miscellaneous values between ISAKMP peers. Requests for assignments of new IPSEC SA attributes ...
... bit value taken from the range of values reserved by ISAKMP for each DOI. There is one range for ...


... at an IPSEC SPI in addition to the ISAKMP "SPI" o added padding exclusion to Secrecy and Integrity ...
... MAC ID ([DESMAC]) o correct bug in Notify section; ISAKMP Notify values are 16-bits ...
... length ciphers (e.g. DES) o replaced references to ISAKMP/Oakley with IKE o renamed ESP ...


... Maughan, D., Schertler, M., Schneider, M., and J. Turner, "Internet Security Association and Key Management Protocol (ISAKMP)", RFC 2408(-> 4306prop), November 1998. ...


