draft-ietf-msec-gdoi-update-01.txt   draft-ietf-msec-gdoi-update-02.txt 
MSEC Working Group B. Weis MSEC Working Group B. Weis
Internet-Draft S. Rowles Internet-Draft S. Rowles
Expires: April 20, 2007 Cisco Systems Intended status: Standards Track Cisco Systems
October 17, 2006 Expires: September 3, 2007 March 02, 2007
Updates to the Group Domain of Interpretation (GDOI) Updates to the Group Domain of Interpretation (GDOI)
draft-ietf-msec-gdoi-update-01 draft-ietf-msec-gdoi-update-02
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on April 20, 2007. This Internet-Draft will expire on September 3, 2007.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
Abstract Abstract
This memo describes updates to the Group Domain of Interpretation This memo describes updates to the Group Domain of Interpretation
(GDOI) [RFC3547]. It provides clarification where the original text (GDOI) [RFC3547]. It provides clarification where the original text
is unclear. It also includes a discussion of algorithm agility is unclear. It also includes a discussion of algorithm agility
within GDOI, and proposes several new algorithm attribute values. within GDOI, and proposes several new algorithm attribute values.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Requirements notation . . . . . . . . . . . . . . . . . . 3 1.1. Requirements notation . . . . . . . . . . . . . . . . . . 4
2. Cryptographic Algorithm agility . . . . . . . . . . . . . . . 4 2. Cryptographic Algorithm agility . . . . . . . . . . . . . . . 5
2.1. Phase 1 protocol . . . . . . . . . . . . . . . . . . . . . 4 2.1. Phase 1 protocol . . . . . . . . . . . . . . . . . . . . . 5
2.2. GROUPKEY-PUSH message . . . . . . . . . . . . . . . . . . 4 2.2. GROUPKEY-PUSH message . . . . . . . . . . . . . . . . . . 5
2.3. IPsec TEK Distribution . . . . . . . . . . . . . . . . . . 5 2.3. IPsec TEK Distribution . . . . . . . . . . . . . . . . . . 6
2.4. Certificate Payload . . . . . . . . . . . . . . . . . . . 5 2.4. Certificate Payload . . . . . . . . . . . . . . . . . . . 6
2.5. POP Payload . . . . . . . . . . . . . . . . . . . . . . . 5 2.5. POP Payload . . . . . . . . . . . . . . . . . . . . . . . 6
3. RFC 3547 Clarification . . . . . . . . . . . . . . . . . . . . 6 3. RFC 3547 Clarification . . . . . . . . . . . . . . . . . . . . 7
3.1. SA Payload . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. SA Payload . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2. SIG Payload . . . . . . . . . . . . . . . . . . . . . . . 6 3.2. SIG Payload . . . . . . . . . . . . . . . . . . . . . . . 7
3.3. SEQ Payload . . . . . . . . . . . . . . . . . . . . . . . 7 3.3. SEQ Payload . . . . . . . . . . . . . . . . . . . . . . . 8
3.4. POP Payload . . . . . . . . . . . . . . . . . . . . . . . 7 3.4. POP Payload . . . . . . . . . . . . . . . . . . . . . . . 8
3.5. CERT Payload . . . . . . . . . . . . . . . . . . . . . . . 9 3.5. CERT Payload . . . . . . . . . . . . . . . . . . . . . . . 10
3.6. TEK Integrity Key Length . . . . . . . . . . . . . . . . . 9 3.6. TEK Integrity Key Length . . . . . . . . . . . . . . . . . 10
3.7. KE Payload . . . . . . . . . . . . . . . . . . . . . . . . 9 3.7. KE Payload . . . . . . . . . . . . . . . . . . . . . . . . 10
3.8. Minimum defined attributes . . . . . . . . . . . . . . . . 11 3.8. Minimum defined attributes . . . . . . . . . . . . . . . . 12
3.9. Attribute behavour . . . . . . . . . . . . . . . . . . . . 11 3.9. Attribute behavour . . . . . . . . . . . . . . . . . . . . 12
4. GCKS and Group Member Authorization . . . . . . . . . . . . . 12 4. GCKS and Group Member Authorization . . . . . . . . . . . . . 13
4.1. Authorization using the CERT/POP Payloads . . . . . . . . 12 4.1. Authorization using the CERT/POP Payloads . . . . . . . . 13
4.2. Authorization through other methods . . . . . . . . . . . 12 4.2. Authorization through other methods . . . . . . . . . . . 13
5. New GDOI Attributes . . . . . . . . . . . . . . . . . . . . . 13 5. New GDOI Attributes . . . . . . . . . . . . . . . . . . . . . 14
5.1. Signature Hash Algorithm . . . . . . . . . . . . . . . . . 13 5.1. Signature Hash Algorithm . . . . . . . . . . . . . . . . . 14
5.2. Support of AH . . . . . . . . . . . . . . . . . . . . . . 13 5.2. Support of AH . . . . . . . . . . . . . . . . . . . . . . 14
5.3. Sender-Specific Attributes . . . . . . . . . . . . . . . . 16
5.3.1. SENDER_ID . . . . . . . . . . . . . . . . . . . . . . 17
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 6. New IPsec Security Association Attributes . . . . . . . . . . 18
6.1. Address Preservation . . . . . . . . . . . . . . . . . . . 18
6.2. SA Direction . . . . . . . . . . . . . . . . . . . . . . . 18
7. Security Considerations . . . . . . . . . . . . . . . . . . . 17 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 18 8. Security Considerations . . . . . . . . . . . . . . . . . . . 21
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 22
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 19 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 23
9.1. Normative References . . . . . . . . . . . . . . . . . . . 19 10.1. Normative References . . . . . . . . . . . . . . . . . . . 23
9.2. Informative References . . . . . . . . . . . . . . . . . . 19 10.2. Informative References . . . . . . . . . . . . . . . . . . 23
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 21 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 26
Intellectual Property and Copyright Statements . . . . . . . . . . 22 Intellectual Property and Copyright Statements . . . . . . . . . . 27
1. Introduction 1. Introduction
The Group Domain of Interpretation (GDOI) is a group key management The Group Domain of Interpretation (GDOI) is a group key management
protocol fitting into the Multicast Security Group Key Management protocol fitting into the Multicast Security Group Key Management
Architecture [RFC4046]. GDOI is used to disseminate policy and Architecture [RFC4046]. GDOI is used to disseminate policy and
corresponding secrets to a group of participants. GDOI is corresponding secrets to a group of participants. GDOI is
implemented on hosts and intermediate systems to protect group IP implemented on hosts and intermediate systems to protect group IP
communication (e.g., IP multicast packets) by encapsulating them with communication (e.g., IP multicast packets) by encapsulating them with
the IP Encapsulating Security Payload (ESP) [RFC4303] packets. the IP Encapsulating Security Payload (ESP) [RFC4303] packets.
skipping to change at page 5, line 14 skipping to change at page 6, line 14
SIG_HASH_ALGORITHM attribute in a later section. SIG_HASH_ALGORITHM attribute in a later section.
In summary, there are no cryptographic algorithm agility issues with In summary, there are no cryptographic algorithm agility issues with
the GROUPKEY-PUSH message. the GROUPKEY-PUSH message.
2.3. IPsec TEK Distribution 2.3. IPsec TEK Distribution
IPsec SAs are distributed by GDOI. An IPsec ESP SA can include an IPsec SAs are distributed by GDOI. An IPsec ESP SA can include an
encryption cipher for confidentiality and an algorithm for packet encryption cipher for confidentiality and an algorithm for packet
authentication. The encryption ciphers are defined by the IPsec ESP authentication. The encryption ciphers are defined by the IPsec ESP
Transform Identifiers defined in the IANA ISAKMP registry [ISAKMP- Transform Identifiers defined in the IANA ISAKMP registry
REG]. The packet authentication method is distributed via an [ISAKMP-REG]. The packet authentication method is distributed via an
"Authentication Algorithm" SA attribute. SHA-256 may be chosen as "Authentication Algorithm" SA attribute. SHA-256 may be chosen as
the authentication algorithm with HMAC-SHA2-256. Similarly, an IPsec the authentication algorithm with HMAC-SHA2-256. Similarly, an IPsec
AH SA is defined by choosing AH_SHA2-256 as the "AH Transform AH SA is defined by choosing AH_SHA2-256 as the "AH Transform
Identifier". Identifier".
In summary, there are no cryptographic algorithm agility issues In summary, there are no cryptographic algorithm agility issues
during TEK distribution. during TEK distribution.
2.4. Certificate Payload 2.4. Certificate Payload
skipping to change at page 14, line 46 skipping to change at page 15, line 46
should be ignored. should be ignored.
o DST ID Data Len (1 octet) -- Value specifying the length of the o DST ID Data Len (1 octet) -- Value specifying the length of the
DST Identification Data field. DST Identification Data field.
o DST Identification Data (variable length) -- Value, as indicated o DST Identification Data (variable length) -- Value, as indicated
by the DST ID Type. by the DST ID Type.
o Transform ID (1 octet) -- Value specifying which AH transform is o Transform ID (1 octet) -- Value specifying which AH transform is
to be used. The list of valid values is defined in the IPsec AH to be used. The list of valid values is defined in the IPsec AH
Transform Identifiers section of the IANA ISAKMP Registry [ISAKMP- Transform Identifiers section of the IANA ISAKMP Registry
REG]. [ISAKMP-REG].
o SPI (4 octets) -- Security Parameter Index for AH. o SPI (4 octets) -- Security Parameter Index for AH.
o RFC 2407 Attributes -- AH Attributes from Section 4.5 of o RFC 2407 Attributes -- AH Attributes from Section 4.5 of
[RFC2407]. The GDOI supports all IPsec DOI SA Attributes for [RFC2407]. The GDOI supports all IPsec DOI SA Attributes for
GDOI_PROTO_IPSEC_AH excluding the Group Description, which MUST GDOI_PROTO_IPSEC_AH excluding the Group Description, which MUST
NOT be sent by a GDOI implementation and is ignored by a GDOI NOT be sent by a GDOI implementation and is ignored by a GDOI
implementation if received. The Authentication Algorithm implementation if received. The Authentication Algorithm
attribute of the IPsec DOI is group authentication in GDOI. The attribute of the IPsec DOI is group authentication in GDOI. The
following RFC 2407 attributes MUST be sent as part of a following RFC 2407 attributes MUST be sent as part of a
GDOI_PROTO_IPSEC_AH attribute: SA Life Type, SA Life Duration, GDOI_PROTO_IPSEC_AH attribute: SA Life Type, SA Life Duration,
Encapsulation Mode. Encapsulation Mode.
6. IANA Considerations 5.3. Sender-Specific Attributes
The SIG_HASH_ALGORITHM KEK Attribute should be assigned a new RFC 3547 provides for the distribution of policy in the GROUPKEY-PULL
Algorithm Type value from the RESERVED space to represent the SHA-256 exchange in an SA payload. Policy can define GROUPKEY-PUSH policy
hash algorithm as defined. The new algorithm name should be (SA KEK) or traffic encryption policy (SA TEK) such as IPsec policy.
SIG_HASH_SHA256. Additionally, there is a need to distribute sender-specific policy to
each group member that is irrespective of either the SA KEK or SA TEK
policy.
A new SA_TEK type Protocol-ID type should be assigned from the GDOI distributes this sender-specific policy in a new payload called
RESERVED space. The new algorithm id should be called the SA Sender-Specific Attributes Payload (SA SSA). The SA SSA
payload follows any SA KEK payload, and is placed before any SA TEK
payloads. In the case that group policy does not include an SA KEK,
the SA Attribute Next Payload field in the SA payload MAY indicate
the SA SSA payload.
The SA SSA payload MUST NOT be a part of a GROUPKEY-PUSH message,
because distributing the same sender-specific policy to more than one
group member may reduce the security of the group. A group member
MUST NOT process an SA SSA payload present in a GROUPKEY-PUSH
message.
The SA SSA payload is defined as follows:
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-!
! Next Payload ! RESERVED ! Payload Length !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-!
! Sender-Specific Attributes ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-!
The SA SSA payload fields are defined as follows:
o Next Payload (1 octet) -- Identifies the next payload for the
GROUPKEY-PULL or the GROUPKEY-PUSH message. The only valid next
payload type for this message is an SA TEK or zero to indicate
there are no more security association attributes.
o RESERVED (1 octet) -- Must be zero.
o Payload Length (2 octets) -- Length of this payload, including the
SA SSA header and Sender-Specific Attributes.
o Group Attributes (variable) -- Contains sender-specific attributes
following the format defined in ISAKMP [RFC2408] section 3.3.
One attribute with the type of SENDER_ID is defined in this memo.
5.3.1. SENDER_ID
Several new AES counter-based modes of operation have been specified
for ESP [RFC3686],[RFC4106],[RFC4309],[RFC4543] and AH [RFC4543].
These AES counter-based modes require that no two senders in the
group ever send a packet with the same IV. This requirement can be
met using the method described in
[I-D.draft-ietf-msec-ipsec-group-counter-modes], which requires each
sender to be allocated a unique Sender ID (SID). The SENDER_ID
attribute is used to distribute a SID to a group member during the
GROUPKEY-PULL message.
The SENDER_ID attribute value contains the following fields.
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-!
! SID Length ! SID Value ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-!
o SID Length (1 octet) -- Number of bits to be used in the SID field
of the counter mode transform nonce.
o SID Value (variable) -- The Sender ID value allocated to the group
member.
The sender MUST construct the IVs in each SA TEK according to
[I-D.draft-ietf-msec-ipsec-group-counter-modes], by using the
SENDER_ID value as the Sender Identifier field, for each of the ESP
encryption algorithms that requires that IV values be distinct, and
for each of the AH authentication algorithms that requires a distinct
IV.
Algorithms needing distinct IVs are specified in
[RFC3686],[RFC4106],[RFC4309] and [RFC4543]. Other algorithms with
the same need may be defined in the future; the sender MUST use the
IV construction method described above with those algorithms as well.
6. New IPsec Security Association Attributes
The Multicast Extensions to RFC 4301 [I-D.ietf-msec-ipsec-extensions]
describes new attributes to an IPsec security association. These
attributes describe policy that a group key management system must
convey in order to support those extensions. The GDOI SA TEK payload
distributes IPsec policy using IPsec security association attributes
defined in [ISAKMP-REG]. This section defines how GDOI can convey
the new attributes as IPsec Security Association Attributes.
6.1. Address Preservation
In order for an IP multicast packet to be encapsulated such that it
will remain an IP multicast packet, the original IP addresses may
need to be retained. This requires a new IPsec SA attribute
describing which of the IP addresses are to be preserved.
Depending on group policy, several address preservation methods are
possible: no address preservation ("None"), preservation of the
original source address ("Source-Only"), preservation of the original
destination address ("Destination-Only"), or both addresses ("Source-
And-Destination"). If the attribute is not included in a GDOI SA TEK
payload then Source-And-Destination address preservation has been
defined for the SA TEK.
6.2. SA Direction
Depending on group policy, an IPsec SA may be required in one or both
directions. An IPsec SA used by multiple senders is required to be
installed in both the sending and receiving direction ("Symmetric"),
whereas an SA with a single sender need only be installed in the
receiving direction by receivers ("Receiver-Only") and in the sending
direction by the sender ("Sender-Only"). If the attribute is not
included in a GDOI SA TEK payload then the IPsec SA is treated as a
Symmetric IPsec SA.
7. IANA Considerations
The GDOI SIG_HASH_ALGORITHM KEK Attribute [GDOI-REG] should be
assigned a new Algorithm Type value from the RESERVED space to
represent the SHA-256 hash algorithm as defined. The new algorithm
name should be SIG_HASH_SHA256.
A new GDOI KEK Attribute [GDOI-REG] is needed to represent the number
of seconds before a sender should transmit on an TEK. The attribute
has the name TEK_TRANSMIT_WAIT_PERIOD, and is a Variable type.
A new GDOI SA TEK type Protocol-ID type [GDOI-REG] should be assigned
from the RESERVED space. The new algorithm id should be called
GDOI_PROTO_IPSEC_AH, and refers to the IPsec AH encapsulation. GDOI_PROTO_IPSEC_AH, and refers to the IPsec AH encapsulation.
7. Security Considerations A new Next Payload Type [ISAKMP-REG] should be assigned. The new
type is called "SA SSA Payload (SSA)".
A new namespace should be created in the GDOI Payloads registry
[GDOI-REG] to describe SA SSA Payload Values. The following rules
apply to define the attributes in SA SSA Payload Values:
Attribute Type Value Type
---- ----- ----
RESERVED 0
SENDER_ID 1 V
Reserved to IANA 2-127
Private Use 128-255
A new IPSEC Security Association Attribute [ISAKMP-REG] defining the
preservation of IP addresses is needed. The attribute class is
called "Address Preservation", and it is a Basic type. The following
rules apply to define the values of the attribute:
Name Value
---- -----
Reserved 0
None 1
Source-Only 2
Destination-Only 3
Source-And-Destination 4
Reserved to IANA 5-61439
Private Use 61440-65535
A new IPSEC Security Association Attribute [ISAKMP-REG] defining the
SA direction is needed. The attribute class is called "SA
Direction", and it is a Basic type. The following rules apply to
define the values of the attribute:
Name Value
---- -----
Reserved 0
Sender-Only 1
Receiver-Only 2
Symmetric 3
Reserved to IANA 4-61439
Private Use 61440-65535
8. Security Considerations
This memo describes additional clarification and protocol updates to This memo describes additional clarification and protocol updates to
the GDOI protocol. The security considerations in RFC 3547 remain the GDOI protocol. The security considerations in RFC 3547 remain
accurate, with the following additions. accurate, with the following additions.
o Several minor cryptographic hash algorithm agility issues are o Several minor cryptographic hash algorithm agility issues are
resolved, and the stronger SHA-256 cryptographic hash algorithm is resolved, and the stronger SHA-256 cryptographic hash algorithm is
added. added.
o Protocol analysis has revealed a man-in-the-middle attack when the o Protocol analysis has revealed a man-in-the-middle attack when the
GCKS does not authorize group members based on their IKEv1 GCKS does not authorize group members based on their IKEv1
authentication credentials. This is true even when a CERT and POP authentication credentials. This is true even when a CERT and POP
payloads are used for authorization. Although suggested as an payloads are used for authorization. Although suggested as an
option in RFC 3547, a GDOI device (group member or GCKS) SHOULD option in RFC 3547, a GDOI device (group member or GCKS) SHOULD
NOT accept an identity in a CERT payload that does not match the NOT accept an identity in a CERT payload that does not match the
IKEv1 identity used to authenticate the group member. IKEv1 identity used to authenticate the group member.
8. Acknowledgements o Any SA TEK specicifying a counter-based mode of operation with
multiple senders MUST construct the IVs in each SA TEK according
to [I-D.draft-ietf-msec-ipsec-group-counter-modes]. The SID MUST
either be pre-configured on all group members or distributed using
the SENDER_ID attribute in the SA SSA payload. However, use use
of the SENDER_ID attribute is RECOMMENDED.
9. Acknowledgements
The authors are grateful to Catherine Meadows for her careful review The authors are grateful to Catherine Meadows for her careful review
and suggestions for mitigating the man-in-the-middle attack she had and suggestions for mitigating the man-in-the-middle attack she had
previously identified. previously identified.
9. References 10. References
9.1. Normative References 10.1. Normative References
[FIPS.180-2.2002] [FIPS.180-2.2002]
National Institute of Standards and Technology, "Secure National Institute of Standards and Technology, "Secure
Hash Standard", FIPS PUB 180-2, August 2002, <http:// Hash Standard", FIPS PUB 180-2, August 2002, <http://
csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf>. csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf>.
[I-D.draft-ietf-msec-ipsec-group-counter-modes]
McGrew, D. and B. Weis, "Using Counter Modes with
Encapsulating Security Payload (ESP) and Authentication
Header (AH) to Protect Group Traffic",
draft-ietf-msec-ipsec-group-counter-modes-000 (work in
progress), February 2007.
[I-D.ietf-msec-ipsec-extensions]
Weis, B., Gross, G., and D. Ignjatic, "Multicast
Extensions to the Security Architecture for the Internet
Protocol", draft-ietf-msec-ipsec-extensions-05 (work in
progress), February 2007.
[NIST.800-56A.2006] [NIST.800-56A.2006]
National Institute of Standards and Technology, National Institute of Standards and Technology,
"Recommendation for Pair-Wise Key Establishment Schemes "Recommendation for Pair-Wise Key Establishment Schemes
Using Discrete Logarithm Cryptography", NIST 800-56A, Using Discrete Logarithm Cryptography", NIST 800-56A,
March 2006, <http://csrc.nist.gov/publications/nistpubs/ March 2006, <http://csrc.nist.gov/publications/nistpubs/
800-56A/sp800-56A_May-3-06.pdf>. 800-56A/sp800-56A_May-3-06.pdf>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2407] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2407, November 1998.
[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003.
[RFC3547] Baugher, M., Weis, B., Hardjono, T., and H. Harney, "The [RFC3547] Baugher, M., Weis, B., Hardjono, T., and H. Harney, "The
Group Domain of Interpretation", RFC 3547, July 2003. Group Domain of Interpretation", RFC 3547, July 2003.
[RFC4046] Baugher, M., Canetti, R., Dondeti, L., and F. Lindholm,
"Multicast Security (MSEC) Group Key Management
Architecture", RFC 4046, April 2005.
[RFC4302] Kent, S., "IP Authentication Header", RFC 4302, [RFC4302] Kent, S., "IP Authentication Header", RFC 4302,
December 2005. December 2005.
[RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)",
RFC 4303, December 2005. RFC 4303, December 2005.
9.2. Informative References 10.2. Informative References
[GDOI-REG] [GDOI-REG]
Internet Assigned Numbers Authority, "Group Domain of Internet Assigned Numbers Authority, "Group Domain of
Interpretation (GDOI) Payload Type Values", IANA Registry, Interpretation (GDOI) Payload Type Values", IANA Registry,
December 2004, December 2004,
<http://www.iana.org/assignments/gdoi-payloads>. <http://www.iana.org/assignments/gdoi-payloads>.
[I-D.hoffman-ike-ipsec-hash-use] [I-D.hoffman-ike-ipsec-hash-use]
Hoffman, P., "Use of Hash Algorithms in IKE and IPsec", Hoffman, P., "Use of Hash Algorithms in IKE and IPsec",
draft-hoffman-ike-ipsec-hash-use-03 (work in progress), draft-hoffman-ike-ipsec-hash-use-05 (work in progress),
July 2006. January 2007.
[IPSEC-REG] [IPSEC-REG]
Internet Assigned Numbers Authority, "Internet Key Internet Assigned Numbers Authority, "Internet Key
Exchange (IKE) Attributes IKE Attributes", IANA Registry, Exchange (IKE) Attributes IKE Attributes", IANA Registry,
December 2005, December 2005,
<http://www.iana.org/assignments/ipsec-registry>. <http://www.iana.org/assignments/ipsec-registry>.
[ISAKMP-REG] [ISAKMP-REG]
Internet Assigned Numbers Authority, "Internet Security Internet Assigned Numbers Authority, "Internet Security
Association and Key Management Protocol (ISAKMP) Association and Key Management Protocol (ISAKMP)
skipping to change at page 21, line 5 skipping to change at page 24, line 31
<http://www.iana.org/assignments/isakmp-registry>. <http://www.iana.org/assignments/isakmp-registry>.
[MP04] Meadows, C. and D. Pavlovic, "Deriving, Attacking, and [MP04] Meadows, C. and D. Pavlovic, "Deriving, Attacking, and
Defending the GDOI Protocol", ESORICS 2004 pp. 53-72, Defending the GDOI Protocol", ESORICS 2004 pp. 53-72,
September 2004. September 2004.
[RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed- [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
Hashing for Message Authentication", RFC 2104, Hashing for Message Authentication", RFC 2104,
February 1997. February 1997.
[RFC2407] Piper, D., "The Internet IP Security Domain of
Interpretation for ISAKMP", RFC 2407, November 1998.
[RFC2408] Maughan, D., Schneider, M., and M. Schertler, "Internet
Security Association and Key Management Protocol
(ISAKMP)", RFC 2408, November 1998.
[RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
(IKE)", RFC 2409, November 1998.
[RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography
Standards (PKCS) #1: RSA Cryptography Specifications
Version 2.1", RFC 3447, February 2003.
[RFC3686] Housley, R., "Using Advanced Encryption Standard (AES)
Counter Mode With IPsec Encapsulating Security Payload
(ESP)", RFC 3686, January 2004.
[RFC4046] Baugher, M., Canetti, R., Dondeti, L., and F. Lindholm,
"Multicast Security (MSEC) Group Key Management
Architecture", RFC 4046, April 2005.
[RFC4106] Viega, J. and D. McGrew, "The Use of Galois/Counter Mode
(GCM) in IPsec Encapsulating Security Payload (ESP)",
RFC 4106, June 2005.
[RFC4309] Housley, R., "Using Advanced Encryption Standard (AES) CCM
Mode with IPsec Encapsulating Security Payload (ESP)",
RFC 4309, December 2005.
[RFC4543] McGrew, D. and J. Viega, "The Use of Galois Message
Authentication Code (GMAC) in IPsec ESP and AH", RFC 4543,
May 2006.
Authors' Addresses Authors' Addresses
Brian Weis Brian Weis
Cisco Systems Cisco Systems
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, California 95134-1706 San Jose, California 95134-1706
USA USA
Phone: +1-408-526-4796 Phone: +1-408-526-4796
Email: bew@cisco.com Email: bew@cisco.com
Sheela Rowles Sheela Rowles
Cisco Systems Cisco Systems
170 W. Tasman Drive 170 W. Tasman Drive
San Jose, California 95134-1706 San Jose, California 95134-1706
USA USA
Phone: +1-408-527-7677 Phone: +1-408-527-7677
Email: srowles@cisco.com Email: srowles@cisco.com
Intellectual Property Statement Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at page 22, line 29 skipping to change at page 27, line 45
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at this standard. Please address the information to the IETF at
ietf-ipr@ietf.org. ietf-ipr@ietf.org.
Disclaimer of Validity
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Copyright Statement
Copyright (C) The Internet Society (2006). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Acknowledgment Acknowledgment
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is provided by the IETF
Internet Society. Administrative Support Activity (IASA).
 End of changes. 32 change blocks. 
86 lines changed or deleted 301 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/