
Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP) (RFC4304)

IP.com Disclosure Number: IPCOM000132538D
Original Publication Date: 2005-Dec-01
Included in the Prior Art Database: 2005-Dec-21
Document File: 6 page(s) / 9K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Kent: AUTHOR

Abstract

The IP Security Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols use a sequence number to detect replay. This document describes extensions to the Internet IP Security Domain of Interpretation (DOI) for the Internet Security Association and Key Management Protocol (ISAKMP). These extensions support negotiation of the use of traditional 32-bit sequence numbers or extended (64-bit) sequence numbers (ESNs) for a particular AH or ESP security association.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 30% of the total text.

Network Working Group                                            S. Kent
Request for Comments: 4304                              BBN Technologies
Category: Standards Track                                  December 2005


              Extended Sequence Number (ESN) Addendum to
                  IPsec Domain of Interpretation (DOI)
                   for Internet Security Association
                  and Key Management Protocol (ISAKMP)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2005).

Abstract

   The IP Security Authentication Header (AH) and Encapsulating Security
   Payload (ESP) protocols use a sequence number to detect replay.  This
   document describes extensions to the Internet IP Security Domain of
   Interpretation (DOI) for the Internet Security Association and Key
   Management Protocol (ISAKMP).  These extensions support negotiation
   of the use of traditional 32-bit sequence numbers or extended (64-
   bit) sequence numbers (ESNs) for a particular AH or ESP security
   association.

Kent                        Standards Track                     [Page 1]
RFC 4304               ESN Addendum to ISAKMP DOI          December 2005


1.  Introduction

   The specifications for the IP Authentication Header (AH) [AH] and the
   IP Encapsulating Security Payload (ESP) [ESP] describe an option for
   use of extended (64-bit) sequence numbers.  This option permits
   transmission of very large volumes of data at high speeds over an
   IPsec Security Association, without rekeying to avoid sequence number
   space exhaustion.  This document describes the additions to the IPsec
   DOI for ISAKMP [DOI] that are needed to support negotiation of the
   extended sequence number (ESN) option.

   The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
   SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
   document, are to be interpreted as described in RFC 2119 [Bra97].

2.  IPsec Security Association Attribute

   The following SA attribute definition is used in Phase II of an
   Internet Key Exchange Protocol (IKE) negotiation.  The attribute type
   is Basic (B).  Encoding of this attribute is defined in the base
   ISAKMP specification [ISAKMP].  Attributes described as basic MUST
   NOT be encoded as variable.  See [IKE] for further informat...
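As an added illustration of the Basic-attribute rule above (not code from the RFC or any IKE implementation), the following Python encodes and parses ISAKMP data attributes and rejects a proposal in which a class defined as Basic arrives in variable (TLV) form. The ESN attribute class number (11) and class value (1, "64-bit Sequence Number") are taken from the part of RFC 4304 this excerpt does not show, so treat them as assumptions; function names are hypothetical, and the AF-bit layout follows the base ISAKMP attribute format.

```python
import struct

AF_BIT = 0x8000  # ISAKMP Attribute Format bit: 1 = TV (Basic), 0 = TLV (Variable)
# ESN attribute class 11 and class value 1 ("64-bit Sequence Number") are taken
# from the RFC 4304 table this truncated page does not show; treat as assumptions.
ESN_CLASS = 11
ESN_64BIT = 1
BASIC_CLASSES = {ESN_CLASS}  # classes this negotiator knows to be type Basic (B)

def build_basic_attribute(attr_class, value):
    """Encode a Basic (TV) attribute: AF=1, 15-bit class, 16-bit value."""
    if not 0 <= attr_class < AF_BIT:
        raise ValueError("attribute class must fit in 15 bits")
    return struct.pack("!HH", AF_BIT | attr_class, value & 0xFFFF)

def build_variable_attribute(attr_class, value):
    """Encode a TLV attribute (AF=0); used only to model a non-compliant peer."""
    return struct.pack("!HH", attr_class, len(value)) + value

def parse_attributes(data):
    """Return (class, value_bytes) pairs; raise ValueError on truncation or when
    a class defined as Basic arrives as TLV, which RFC 4304 says MUST NOT happen."""
    attrs, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        type_field, length_or_value = struct.unpack_from("!HH", data, off)
        attr_class, off = type_field & 0x7FFF, off + 4
        if type_field & AF_BIT:  # Basic: the second 16 bits are the value itself
            attrs.append((attr_class, struct.pack("!H", length_or_value)))
            continue
        if attr_class in BASIC_CLASSES:
            raise ValueError("class %d is Basic; variable encoding rejected" % attr_class)
        if len(data) - off < length_or_value:
            raise ValueError("TLV length exceeds remaining data")
        attrs.append((attr_class, data[off:off + length_or_value]))
        off += length_or_value
    return attrs

def proposal_accepted(data):
    """True if the attribute list parses cleanly under the Basic-encoding rule."""
    try:
        parse_attributes(data)
        return True
    except ValueError:
        return False

def negotiates_esn(data):
    """True if a well-formed proposal carries ESN=1 (64-bit sequence numbers)."""
    return (ESN_CLASS, struct.pack("!H", ESN_64BIT)) in parse_attributes(data)
```

A proposal that omits the attribute entirely parses fine and `negotiates_esn` returns False, matching the traditional 32-bit default.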