| draft-ietf-lwig-ikev2-minimal-00.txt | draft-ietf-lwig-ikev2-minimal-01.txt |
|---|---|
| Light-Weight Implementation Guidance T. Kivinen | Light-Weight Implementation Guidance T. Kivinen |
| (lwig) INSIDE Secure | (lwig) INSIDE Secure |
| Internet-Draft April 11, 2013 | Internet-Draft October 17, 2013 |
| Intended status: Informational | Intended status: Informational |
| Expires: October 13, 2013 | Expires: April 20, 2014 |
| Minimal IKEv2 | Minimal IKEv2 |
| draft-ietf-lwig-ikev2-minimal-00.txt | draft-ietf-lwig-ikev2-minimal-01.txt |
| Abstract | Abstract |
| This document describes minimal version of the Internet Key Exchange version 2 (IKEv2) protocol. IKEv2 is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). IKEv2 includes several optional features, which are not needed in minimal implementations. This document describes what is required from the minimal implementation, and also describes various optimizations which can be done. The protocol described here is compliant with full IKEv2 with exception that this document only describes shared secret authentication (IKEv2 requires support for certificate authentication in addition to shared secret authentication). | This document describes minimal version of the Internet Key Exchange version 2 (IKEv2) protocol. IKEv2 is a component of IPsec used for performing mutual authentication and establishing and maintaining Security Associations (SAs). IKEv2 includes several optional features, which are not needed in minimal implementations. This document describes what is required from the minimal implementation, and also describes various optimizations which can be done. The protocol described here is compliant with full IKEv2 with exception that this document describes mainly shared secret authentication (IKEv2 requires support for certificate authentication in addition to shared secret authentication). |
| This document does not update or modify RFC 5996, but provides more compact description of the minimal version of the protocol. If this document and RFC 5996 conflicts then RFC 5996 is the authoritative description. | This document does not update or modify RFC 5996, but provides more compact description of the minimal version of the protocol. If this document and RFC 5996 conflicts then RFC 5996 is the authoritative description. |
| Status of this Memo | Status of this Memo |
| This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. | This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. |
| skipping to change at page 1, line 46 | skipping to change at page 1, line 46 |
| Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. | Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/. |
| Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." | Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." |
| This Internet-Draft will expire on October 13, 2013. | This Internet-Draft will expire on April 20, 2014. |
| Copyright Notice | Copyright Notice |
| Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. | Copyright (c) 2013 IETF Trust and the persons identified as the document authors. All rights reserved. |
| This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect | This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect |
| skipping to change at page 4, line 34 | skipping to change at page 4, line 34 |
| This document should be stand-alone, meaning everything needed to implement IKEv2 is copied here except the description of the cryptographic algorithms. The IKEv2 specification has lots of background information and rationale which has been omitted from this document. | This document should be stand-alone, meaning everything needed to implement IKEv2 is copied here except the description of the cryptographic algorithms. The IKEv2 specification has lots of background information and rationale which has been omitted from this document. |
| Numerous additional numeric values from IANA registries have been omitted from this document, only those which are of interest for minimal implementation are listed in this document. | Numerous additional numeric values from IANA registries have been omitted from this document, only those which are of interest for minimal implementation are listed in this document. |
| | The main body of this document describes how to use the shared secret authentication in the IKEv2, as it is easiest to implement. In some cases that is not enough and the Appendix B.2 describes how to use Raw Public keys instead of shared secret authentication. |
| For more information check the full IKEv2 specification in RFC 5996 [RFC5996] and [IKEV2IANA]. | For more information check the full IKEv2 specification in RFC 5996 [RFC5996] and [IKEV2IANA]. |
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. |
| 1.1. Use Cases | 1.1. Use Cases |
| One use case for this kind of minimal implementation is in small | One use case for this kind of minimal implementation is in small |
End of changes. 6 change blocks.

7 lines changed or deleted, 12 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/