draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt   draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt 
Network Working Group C. Kaufman Network Working Group C. Kaufman
Internet-Draft Microsoft Internet-Draft Microsoft
Obsoletes: 5996 (if approved) P. Hoffman Obsoletes: 5996 (if approved) P. Hoffman
Intended status: Standards Track VPN Consortium Intended status: Standards Track VPN Consortium
Expires: October 27, 2014 Y. Nir Expires: December 8, 2014 Y. Nir
Check Point Check Point
P. Eronen P. Eronen
Independent Independent
T. Kivinen T. Kivinen
INSIDE Secure INSIDE Secure
April 25, 2014 June 6, 2014
Internet Key Exchange Protocol Version 2 (IKEv2) Internet Key Exchange Protocol Version 2 (IKEv2)
draft-kivinen-ipsecme-ikev2-rfc5996bis-03.txt draft-kivinen-ipsecme-ikev2-rfc5996bis-04.txt
Abstract Abstract
This document describes version 2 of the Internet Key Exchange (IKE) This document describes version 2 of the Internet Key Exchange (IKE)
protocol. IKE is a component of IPsec used for performing mutual protocol. IKE is a component of IPsec used for performing mutual
authentication and establishing and maintaining Security Associations authentication and establishing and maintaining Security Associations
(SAs). This document obsoletes RFC 5996, and includes all of the (SAs). This document obsoletes RFC 5996, and includes all of the
errata for it, and it is intended to update IKEv2 to be Internet errata for it. It advances IKEv2 to be an Internet Standard.
Standard.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on October 27, 2014. This Internet-Draft will expire on December 8, 2014.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
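Review bot: the rewritten closing sentence of the abstract ("It advances IKEv2 to be an Internet Standard.") states the advancement as an accomplished fact, while the header on the same page still reads "Obsoletes: 5996 (if approved)" and "Intended status: Standards Track"; keep the conditional wording of the -03 text, e.g. "It is intended to advance IKEv2 to Internet Standard." Splitting the run-on "includes all of the errata for it, and it is intended ..." into two sentences is otherwise an improvement. The new expiry (December 8, 2014) is consistent with the new submission date (June 6, 2014) and the six-month validity stated in the Status of This Memo boilerplate.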
skipping to change at page 109, line 4 skipping to change at page 109, line 4
completely specifies the cryptographic processing of IKE data, but completely specifies the cryptographic processing of IKE data, but
those documents should be consulted for design rationale. Future those documents should be consulted for design rationale. Future
documents may specify the processing of Encrypted payloads for other documents may specify the processing of Encrypted payloads for other
types of transforms, such as counter mode encryption and types of transforms, such as counter mode encryption and
authenticated encryption algorithms. Peers MUST NOT negotiate authenticated encryption algorithms. Peers MUST NOT negotiate
transforms for which no such specification exists. transforms for which no such specification exists.
When an authenticated encryption algorithm is used to protect the IKE When an authenticated encryption algorithm is used to protect the IKE
SA, the construction of the Encrypted payload is different than what SA, the construction of the Encrypted payload is different than what
is described here. See [AEAD] for more information on authenticated is described here. See [AEAD] for more information on authenticated
encryption algorithms and their use in ESP. encryption algorithms and their use in IKEv2.
The payload type for an Encrypted payload is forty-six (46). The The payload type for an Encrypted payload is forty-six (46). The
Encrypted payload consists of the IKE generic payload header followed Encrypted payload consists of the IKE generic payload header followed
by individual fields as follows: by individual fields as follows:
1 2 3 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Next Payload |C| RESERVED | Payload Length | | Next Payload |C| RESERVED | Payload Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
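Review bot: the one-word change from "ESP" to "IKEv2" corrects a wrong cross-reference: this paragraph is about protecting the IKE SA with an authenticated encryption algorithm, so the reader needs the document that describes AEAD use with the IKEv2 Encrypted payload, not with ESP; the [AEAD] entry itself is outside this hunk, so confirm it resolves to RFC 5282 ("Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol"). A remaining inconsistency in the same hunk: the preceding paragraph says "Future documents may specify the processing of Encrypted payloads for other types of transforms, such as counter mode encryption and authenticated encryption algorithms", yet the very next paragraph says [AEAD] already specifies that processing for authenticated encryption. Suggest trimming the first sentence to "such as counter mode encryption" or rewording it to "[AEAD] does so for authenticated encryption algorithms; future documents may do so for other transforms", so the two paragraphs agree and the "Peers MUST NOT negotiate transforms for which no such specification exists" rule is unambiguous about AEAD transforms.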
skipping to change at page 127, line 51 skipping to change at page 127, line 51
RFC 3168, September 2001. RFC 3168, September 2001.
[ESPCBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher [ESPCBC] Pereira, R. and R. Adams, "The ESP CBC-Mode Cipher
Algorithms", RFC 2451, November 1998. Algorithms", RFC 2451, November 1998.
[HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., [HTTP] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
[IKEV2IANA] [IKEV2IANA]
"Internet Key Exchange Version 2 (IKEv2) Parameters", "Internet Key Exchange Version 2 (IKEv2) Parameters", <htt
<http://www.iana.org>. p://www.iana.org/assignments/ikev2-parameters/
ikev2-parameters.xhtml>.
[IPSECARCH] [IPSECARCH]
Kent, S. and K. Seo, "Security Architecture for the Kent, S. and K. Seo, "Security Architecture for the
Internet Protocol", RFC 4301, December 2005. Internet Protocol", RFC 4301, December 2005.
[MUSTSHOULD] [MUSTSHOULD]
Bradner, S., "Key words for use in RFCs to Indicate Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography [PKCS1] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
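Review bot: the new [IKEV2IANA] URL is the right target (the ikev2-parameters registry page rather than the IANA root), but as rendered it is broken across lines inside the scheme ("<htt" / "p://www.iana.org/assignments/ikev2-parameters/" / "ikev2-parameters.xhtml>"), which makes it impossible to copy from the text version; start the URL on its own line so it is wrapped only at a path separator, or shorten it so it fits the reference-entry width. The other entries in this hunk ([ESPCBC], [HTTP], [IPSECARCH], [MUSTSHOULD], [PKCS1]) are unchanged context.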
 End of changes. 7 change blocks. 
9 lines changed or deleted 9 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/