Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)

The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. The Encapsulating Security Payload (ESP) and the Authentication Header (AH) provide two mechanisms for protecting data being sent over an IPsec Security Association (SA). To ensure interoperability between disparate implementations, it is necessary to specify a set of mandatory-toimplement algorithms to ensure that there is at least one algorithm that all implementations will have available. This document defines the current set of mandatory-to-implement algorithms for ESP and AH as well as specifying algorithms that should be implemented because they may be promoted to mandatory at some future time.

[1]  Sheila Frankel,et al.  The AES-CBC Cipher Algorithm and Its Use with IPsec , 2003, RFC.

[2]  Rob Adams,et al.  The ESP CBC-Mode Cipher Algorithms , 1998, RFC.

[3]  Jon Postel,et al.  Internet Protocol , 1981, RFC.

[4]  Charlie Kaufman,et al.  Internet Key Exchange (IKEv2) Protocol , 2005, RFC.

[5]  Derrell Piper,et al.  The Internet IP Security Domain of Interpretation for ISAKMP , 1998, RFC.

[6]  Stephen T. Kent,et al.  The NULL Encryption Algorithm and Its Use With IPsec , 1998, RFC.

[7]  Vincent Rijmen,et al.  Update on SHA-1 , 2005, CT-RSA.

[8]  Dan Harkins,et al.  The Internet Key Exchange (IKE) , 1998, RFC.

[9]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[10]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) , 2004, RFC.

[11]  Cheryl Madson,et al.  The ESP DES-CBC Cipher Algorithm With Explicit IV , 1998, RFC.

[12]  Sheila Frankel,et al.  The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec , 2003, RFC.

[13]  Stephen T. Kent,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[14]  Cheryl Madson,et al.  The Use of HMAC-SHA-1-96 within ESP and AH , 1998, RFC.

[15]  Scott O. Bradner,et al.  Key words for use in RFCs to Indicate Requirement Levels , 1997, RFC.

[16]  Cheryl Madson,et al.  The Use of HMAC-MD5-96 within ESP and AH , 1998, RFC.

[17]  Russ Housley,et al.  Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) , 2005, RFC.

[18]  Stephen T. Kent,et al.  IP Authentication Header , 1995, RFC.

[19]  Vlastimil Klíma Finding MD5 Collisions - a Toy For a Notebook , 2005, IACR Cryptol. ePrint Arch..

[20]  Jeffrey I. Schiller,et al.  Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2) , 2005, RFC.

[21]  Donald E. Eastlake rd Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) , 2005 .

[22]  John Viega,et al.  The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) , 2005, RFC.

[23]  Randall J. Atkinson,et al.  IP Encapsulating Security Payload (ESP) , 1995, RFC.

[24]  Stephen T. Kent,et al.  Security Architecture for the Internet Protocol , 1998, RFC.