The Internet IP Security Domain of Interpretation for ISAKMP (RFC2407)

IP.com Disclosure Number: IPCOM000002982D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 26 page(s) / 63K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Piper: AUTHOR

Abstract

The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management and cryptographic key establishment for the Internet. This framework consists of defined exchanges, payloads, and processing guidelines that occur within a given Domain of Interpretation (DOI). This document defines the Internet IP Security DOI (IPSEC DOI), which instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate security associations.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                           D. Piper
Request for Comments: 2407                               Network Alchemy
Category: Standards Track                                  November 1998

The Internet IP Security Domain of Interpretation for ISAKMP

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

IESG Note

Section 4.4.4.2 states, "All implementations within the IPSEC DOI
MUST support ESP_DES...". Recent work in the area of cryptanalysis
suggests that DES may not be sufficiently strong for many
applications. Therefore, it is very likely that the IETF will
deprecate the use of ESP_DES as a mandatory cipher suite in the near
future. It will remain as an optional use protocol. Although the
IPsec working group and the IETF in general have not settled on an
alternative algorithm (taking into account concerns of security and
performance), implementers may want to heed the recommendations of
section 4.4.4.3 on the use of ESP_3DES.

1. Abstract

The Internet Security Association and Key Management Protocol
(ISAKMP) defines a framework for security association management and
cryptographic key establishment for the Internet. This framework
consists of defined exchanges, payloads, and processing guidelines
that occur within a given Domain of Interpretation (DOI). This
document defines the Internet IP Security DOI (IPSEC DOI), which
instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate
security associations.

For a list of changes since the previous version of the IPSEC DOI,
please see Section 7.

2. Introduction

Within ISAKMP, a Domain of Interpretation is used to group related
protocols using ISAKMP to negotiate security associations. Security
protocols sharing a DOI choose security protocol and cryptographic
transforms from a common namespace and share key exchange protocol
identifiers. They also share a common interpretation of DOI-specific
payload data content, including the Security Association and
Identification payloads.

Overall, ISAKMP places the following requirements on a DOI
definition:

o define the naming scheme for DOI-specific protocol identifiers

o define the interpretation for the Situ...