Internet Security Association and Key Management Protocol (ISAKMP) (RFC2408)

IP.com Disclosure Number: IPCOM000002983D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Maughan: AUTHOR

Abstract

This memo describes a protocol utilizing security concepts necessary for establishing Security Associations (SA) and cryptographic keys in an Internet environment. A Security Association protocol that negotiates, establishes, modifies and deletes Security Associations and their attributes is required for an evolving Internet, where there will be numerous security mechanisms and several options for each security mechanism. The key management protocol must be robust in order to handle public key generation for the Internet community at large and private key requirements for those private networks with that requirement. The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). All of these are necessary to establish and maintain secure communications (via IP Security Service or any other security protocol) in an Internet environment.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 1% of the total text.

Network Working Group
Request for Comments: 2408
Category: Standards Track

D. Maughan, National Security Agency
M. Schertler, Securify, Inc.
M. Schneider, National Security Agency
J. Turner, RABA Technologies, Inc.

November 1998

Internet Security Association and Key Management Protocol (ISAKMP)

Status of this Memo

This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1 Introduction
1.1 Requirements Terminology
1.2 The Need for Negotiation
1.3 What can be Negotiated?
1.4 Security Associations and Management

1.4.1 Security Associations and Regi...