PF_KEY Key Management API, Version 2 (RFC2367)

IP.com Disclosure Number: IPCOM000002938D
Original Publication Date: 1998-Jul-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. McDonald, C. Metz, B. Phan: AUTHORS

Abstract

A generic key management API that can be used not only for IP Security [Atk95a] [Atk95b] [Atk95c] but also for other network security services is presented in this document. Version 1 of this API was implemented inside 4.4-Lite BSD as part of the U. S. Naval Research Laboratory's freely distributable and usable IPv6 and IPsec implementation[AMPMC96]. It is documented here for the benefit of others who might also adopt and use the API, thus providing increased portability of key management applications (e.g. a manual keying application, an ISAKMP daemon, a GKMP daemon [HM97a][HM97b], a Photuris daemon, or a SKIP certificate discovery protocol daemon).

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                        D. McDonald
Request for Comments: 2367                                       C. Metz
Category: Informational                                          B. Phan
                                                               July 1998

PF_KEY Key Management API, Version 2

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1 Introduction
1.1 Terminology
1.2 Conceptual Model
1.3 PF_KEY Socket Definition
1.4 Overview of PF_KEY Messaging Behavior
1.5 Common PF_KEY Operations
1.6 Differences Between PF_KEY and PF_ROUTE
1.7 Name Space
1.8 On Manual Keying
2 PF_KEY Message Format
2.1 Base Message Header Format
2.2 Alignment of Headers and Extension Headers
2.3 Additional Message Fields
2.3.1 Association Extension
2.3.2 Lifetime Extension
2.3.3 Address Extension
2.3.4 Key Extension
2.3.5 Identity Extension
2.3.6 Sensitivity Extension
2.3.7 Proposal Extension
2.3.8 Supported Algorithms Extension
2.3.9 SPI Range Extension
2.4 Illustration of Message Layout
3 Symbolic Names
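The abstract describes PF_KEY as a socket API over which key management applications and the kernel exchange messages, and the table of contents points to the base message header (section 2.1) and the extension headers (section 2.3) that carry them, but this excerpt reproduces neither. The C program below is an added example, not code from RFC 2367 or from the NRL implementation it cites. The constants and structure layouts are transcribed from the RFC (base header, generic extension prefix, association and address extensions; all PF_KEY length fields count 64-bit units); the function names build_dump_request, parse_pfkey_msg and build_sample_dump_reply, the constructed reply buffer and the rule that a repeated extension type is malformed are this example's own assumptions.

```c
/* Added example, not code from RFC 2367 or the NRL implementation: builds a
 * PF_KEY v2 SADB_DUMP request and validates a reply's lengths before trusting
 * it. Constants and struct layouts are transcribed from the RFC; the function
 * names, the constructed reply and the validation policy are this example's own. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PF_KEY_V2 2                 /* symbolic names, RFC 2367 section 3 */
#define SADB_DUMP 10
#define SADB_SATYPE_ESP 3
#define SADB_SASTATE_MATURE 1
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
#define SADB_EXT_ADDRESS_SRC 5
#define SADB_EXT_ADDRESS_DST 6
#define SADB_EXT_MAX 16

/* Base header (section 2.1). Every PF_KEY length field counts 64-bit units. */
struct sadb_msg {
    uint8_t  sadb_msg_version, sadb_msg_type, sadb_msg_errno, sadb_msg_satype;
    uint16_t sadb_msg_len, sadb_msg_reserved;
    uint32_t sadb_msg_seq, sadb_msg_pid;
};
struct sadb_ext { uint16_t sadb_ext_len, sadb_ext_type; };   /* common prefix, section 2.3 */
struct sadb_sa {                                             /* section 2.3.1 */
    uint16_t sadb_sa_len, sadb_sa_exttype;
    uint32_t sadb_sa_spi;
    uint8_t  sadb_sa_replay, sadb_sa_state, sadb_sa_auth, sadb_sa_encrypt;
    uint32_t sadb_sa_flags;
};
struct sadb_address {                  /* section 2.3.3; a sockaddr padded to 64 bits follows */
    uint16_t sadb_address_len, sadb_address_exttype;
    uint8_t  sadb_address_proto, sadb_address_prefixlen;
    uint16_t sadb_address_reserved;
};
#define PFKEY_UNIT64(bytes) ((uint16_t)((bytes) >> 3))
#define PFKEY_BYTES(units)  ((size_t)(units) << 3)

/* Encode a base-header-only SADB_DUMP request; returns bytes written, 0 if buf is too small. */
size_t build_dump_request(uint8_t *buf, size_t cap, uint8_t satype, uint32_t seq, uint32_t pid)
{
    struct sadb_msg m = {0};
    if (cap < sizeof m) return 0;
    m.sadb_msg_version = PF_KEY_V2;  m.sadb_msg_type = SADB_DUMP;  m.sadb_msg_satype = satype;
    m.sadb_msg_len = PFKEY_UNIT64(sizeof m);  m.sadb_msg_seq = seq;  m.sadb_msg_pid = pid;
    memcpy(buf, &m, sizeof m);
    return sizeof m;
}

/* Validate a received message and walk its extensions. Returns the extension
 * count, or -1 for: wrong version, sadb_msg_len disagreeing with the bytes
 * actually read, an empty extension (would loop forever), one that overruns
 * the message, a reserved or unknown type, or a repeated type (this example's
 * own rule). seen_mask gets bit N set for each extension type N found. */
int parse_pfkey_msg(const uint8_t *buf, size_t n, uint32_t *seen_mask)
{
    struct sadb_msg m;
    struct sadb_ext e;
    size_t off, elen;
    int count = 0;
    *seen_mask = 0;
    if (n < sizeof m) return -1;
    memcpy(&m, buf, sizeof m);
    if (m.sadb_msg_version != PF_KEY_V2 || PFKEY_BYTES(m.sadb_msg_len) != n) return -1;
    for (off = sizeof m; off < n; off += elen, count++) {
        if (n - off < sizeof e) return -1;
        memcpy(&e, buf + off, sizeof e);
        elen = PFKEY_BYTES(e.sadb_ext_len);
        if (e.sadb_ext_len == 0 || elen > n - off) return -1;
        if (e.sadb_ext_type == SADB_EXT_RESERVED || e.sadb_ext_type > SADB_EXT_MAX) return -1;
        if (*seen_mask & (1u << e.sadb_ext_type)) return -1;
        *seen_mask |= 1u << e.sadb_ext_type;
    }
    return count;
}

/* Constructed stand-in for a kernel SADB_DUMP reply describing one ESP SA: base
 * header, SA extension, then source and destination address extensions whose
 * 16-byte sockaddr bodies are zeroed placeholders. Returns bytes written, 0 if too small. */
size_t build_sample_dump_reply(uint8_t *buf, size_t cap)
{
    struct sadb_msg m = {0};
    struct sadb_sa sa = {0};
    struct sadb_address addr = {0};
    uint8_t sockaddr_placeholder[16] = {0};
    size_t addr_ext = sizeof addr + sizeof sockaddr_placeholder;
    size_t total = sizeof m + sizeof sa + 2 * addr_ext, off = 0;
    int i;
    if (cap < total) return 0;
    m.sadb_msg_version = PF_KEY_V2;  m.sadb_msg_type = SADB_DUMP;  m.sadb_msg_satype = SADB_SATYPE_ESP;
    m.sadb_msg_len = PFKEY_UNIT64(total);  m.sadb_msg_seq = 1;  m.sadb_msg_pid = 4242;
    memcpy(buf + off, &m, sizeof m);  off += sizeof m;
    sa.sadb_sa_len = PFKEY_UNIT64(sizeof sa);  sa.sadb_sa_exttype = SADB_EXT_SA;
    sa.sadb_sa_spi = 0x1000;  sa.sadb_sa_state = SADB_SASTATE_MATURE;      /* constructed values */
    memcpy(buf + off, &sa, sizeof sa);  off += sizeof sa;
    for (i = 0; i < 2; i++) {
        addr.sadb_address_len = PFKEY_UNIT64(addr_ext);
        addr.sadb_address_exttype = i == 0 ? SADB_EXT_ADDRESS_SRC : SADB_EXT_ADDRESS_DST;
        memcpy(buf + off, &addr, sizeof addr);  off += sizeof addr;
        memcpy(buf + off, sockaddr_placeholder, sizeof sockaddr_placeholder);  off += sizeof sockaddr_placeholder;
    }
    return off;
}
```

On a live system the request built here is written to a socket opened with socket(PF_KEY, SOCK_RAW, PF_KEY_V2) (the RFC's section 1.3) and replies are read back from it; build_sample_dump_reply stands in for that read so the parser can be exercised offline. The checks worth copying are the two length comparisons: sadb_msg_len is in 64-bit units and must match the byte count the read returned, and each extension's sadb_ext_len must be non-zero and fit inside the remaining message, or a walker over a short or corrupted buffer reads past its end.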