3 <meta http-equiv=
"Content-Type" content=
"text/html">
4 <title>IPsec RFCs
</title>
6 content=
"IPsec, VPN, security, FreeSWAN, RFC, standard">
9 Written by Sandy Harris for the Linux FreeS/WAN project
10 Freely distributable under the GNU General Public License
12 More information at www.freeswan.org
13 Feedback to users@lists.freeswan.org
16 RCS ID: $Id: rfc.html,v 1.1 2004/03/15 20:35:24 as Exp $
17 Last changed: $Date: 2004/03/15 20:35:24 $
18 Revision number: $Revision: 1.1 $
20 CVS revision numbers do not correspond to FreeS/WAN release numbers.
25 <h1><a name=
"RFC">IPsec RFCs and related documents
</a></h1>
27 <h2><a name=
"RFCfile">The RFCs.tar.gz Distribution File
</a></h2>
29 <p>The Linux FreeS/WAN distribution is available from
<a
30 href=
"http://www.xs4all.nl/~freeswan"> our primary distribution site
</a> and
31 various mirror sites. To give people more control over their downloads, the
32 RFCs that define IP security are bundled separately in the file
35 <p>The file you are reading is included in the main distribution and is
36 available on the web site. It describes the RFCs included in the
<a
37 href=
"#RFCs.tar.gz">RFCs.tar.gz
</a> bundle and gives some pointers to
<a
38 href=
"#sources">other ways to get them
</a>.
</p>
40 <h2><a name=
"sources">Other sources for RFCs
& Internet drafts
</a></h2>
42 <h3><a name=
"RFCdown">RFCs
</a></h3>
44 <p>RFCs are downloadble at many places around the net such as:
</p>
46 <li><a href=
"http://www.rfc-editor.org">http://www.rfc-editor.org
</a></li>
47 <li><a href=
"http://nis.nsf.net/internet/documents/rfc">NSF.net
</a></li>
48 <li><a href=
"http://sunsite.doc.ic.ac.uk/computing/internet/rfc">Sunsite in
52 <p>browsable in HTML form at others such as:
</p>
55 href=
"http://www.landfield.com/rfcs/index.html">landfield.com
</a></li>
56 <li><a href=
"http://www.library.ucg.ie/Connected/RFC">Connected Internet
60 <p>and some of them are available in translation:
</p>
62 <li><a href=
"http://www.eisti.fr/eistiweb/docs/normes/">French
</a></li>
65 <p>There is also a published
<a href=
"biblio.html#RFCs">Big Book of IPSEC
68 <h3><a name=
"drafts">Internet Drafts
</a></h3>
70 <p>Internet Drafts, working documents which sometimes evolve into RFCs, are
73 <li><a href=
"http://www.ietf.org/ID.html">Overall reference page
</a></li>
74 <li><a href=
"http://www.ietf.org/ids.by.wg/ipsec.html">IPsec
</a> working
76 <li><a href=
"http://www.ietf.org/ids.by.wg/ipsra.html">IPSRA (IPsec Remote
77 Access)
</a> working group
</li>
78 <li><a href=
"http://www.ietf.org/ids.by.wg/ipsp.html">IPsec Policy
</a>
80 <li><a href=
"http://www.ietf.org/ids.by.wg/kink.html">KINK (Kerberized
81 Internet Negotiation of Keys)
</a> working group
</li>
84 <p>Note: some of these may be obsolete, replaced by later drafts or by
87 <h3><a name=
"FIPS1">FIPS standards
</a></h3>
89 <p>Some things used by
<a href=
"glossary.html#IPSEC">IPsec
</a>, such as
<a
90 href=
"glossary.html#DES">DES
</a> and
<a href=
"glossary.html#SHA">SHA
</a>, are
91 defined by US government standards called
<a
92 href=
"glossary.html#FIPS">FIPS
</a>. The issuing organisation,
<a
93 href=
"glossary.html#NIST">NIST
</a>, have a
<a
94 href=
"http://www.itl.nist.gov/div897/pubs">FIPS home page
</a>.
</p>
96 <h2><a name=
"RFCs.tar.gz">What's in the RFCs.tar.gz bundle?
</a></h2>
98 <p>All filenames are of the form rfc*.txt, with the * replaced with the RFC
100 <pre>RFC# Title
</pre>
102 <h3><a name=
"rfc.ov">Overview RFCs
</a></h3>
103 <pre>2401 Security Architecture for the Internet Protocol
104 2411 IP Security Document Roadmap
</pre>
106 <h3><a name=
"basic.prot">Basic protocols
</a></h3>
107 <pre>2402 IP Authentication Header
108 2406 IP Encapsulating Security Payload (ESP)
</pre>
110 <h3><a name=
"key.ike">Key management
</a></h3>
111 <pre>2367 PF_KEY Key Management API, Version
2
112 2407 The Internet IP Security Domain of Interpretation for ISAKMP
113 2408 Internet Security Association and Key Management Protocol (ISAKMP)
114 2409 The Internet Key Exchange (IKE)
115 2412 The OAKLEY Key Determination Protocol
116 2528 Internet X
.509 Public Key Infrastructure
</pre>
118 <h3><a name=
"rfc.detail">Details of various things used
</a></h3>
119 <pre>2085 HMAC-MD5 IP Authentication with Replay Prevention
120 2104 HMAC: Keyed-Hashing for Message Authentication
121 2202 Test Cases for HMAC-MD5 and HMAC-SHA-
1
122 2207 RSVP Extensions for IPSEC Data Flows
123 2403 The Use of HMAC-MD5-
96 within ESP and AH
124 2404 The Use of HMAC-SHA-
1-
96 within ESP and AH
125 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
126 2410 The NULL Encryption Algorithm and Its Use With IPsec
127 2451 The ESP CBC-Mode Cipher Algorithms
128 2521 ICMP Security Failures Messages
</pre>
130 <h3><a name=
"rfc.ref">Older RFCs which may be referenced
</a></h3>
131 <pre>1321 The MD5 Message-Digest Algorithm
132 1828 IP Authentication using Keyed MD5
133 1829 The ESP DES-CBC Transform
134 1851 The ESP Triple DES Transform
135 1852 IP Authentication using Keyed SHA
</pre>
137 <h3><a name=
"rfc.dns">RFCs for secure DNS service, which IPsec may
139 <pre>2137 Secure Domain Name System Dynamic Update
140 2230 Key Exchange Delegation Record for the DNS
141 2535 Domain Name System Security Extensions
142 2536 DSA KEYs and SIGs in the Domain Name System (DNS)
143 2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
144 2538 Storing Certificates in the Domain Name System (DNS)
145 2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
</pre>
147 <h3><a name=
"rfc.exp">RFCs labelled
"experimental"</a></h3>
148 <pre>2521 ICMP Security Failures Messages
149 2522 Photuris: Session-Key Management Protocol
150 2523 Photuris: Extended Schemes and Attributes
</pre>
152 <h3><a name=
"rfc.rel">Related RFCs
</a></h3>
153 <pre>1750 Randomness Recommendations for Security
154 1918 Address Allocation for Private Internets
155 1984 IAB and IESG Statement on Cryptographic Technology and the Internet
156 2144 The CAST-
128 Encryption Algorithm
</pre>
projects / people / ms / strongswan.git / blob