PF_KEY Key Management API, Version 2 (RFC2367)

IP.com Disclosure Number: IPCOM000002938D
Original Publication Date: 1998-Jul-01
Included in the Prior Art Database: 2019-Feb-15
Document File: 68 page(s) / 84K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. McDonald: AUTHOR [+2]

Related Documents

10.17487/RFC2367: DOI

Abstract

A generic key management API that can be used not only for IP Security but also for other network security services is presented in this document. This memo provides information for the Internet community. It does not specify an Internet standard of any kind.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                                        D. McDonald
Request for Comments: 2367                                   C. Metz
Category: Informational                                      B. Phan
                                                             July 1998

PF_KEY Key Management API, Version 2

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

A generic key management API that can be used not only for IP Security [Atk95a] [Atk95b] [Atk95c] but also for other network security services is presented in this document. Version 1 of this API was implemented inside 4.4-Lite BSD as part of the U.S. Naval Research Laboratory's freely distributable and usable IPv6 and IPsec implementation [AMPMC96]. It is documented here for the benefit of others who might also adopt and use the API, thus providing increased portability of key management applications (e.g. a manual keying application, an ISAKMP daemon, a GKMP daemon [HM97a] [HM97b], a Photuris daemon, or a SKIP certificate discovery protocol daemon).

Table of Contents

1       Introduction
1.1     Terminology
1.2     Conceptual Model
1.3     PF_KEY Socket Definition
1.4     Overview of PF_KEY Messaging Behavior
1.5     Common PF_KEY Operations
1.6     Differences Between PF_KEY and PF_ROUTE
1.7     Name Space
1.8     On Manual Keying
2       PF_KEY Message Format
2.1     Base Message Header Format
2.2     Alignment of Headers and Extension Headers
2.3     Additional Message Fields
2.3.1   Association Extension
2.3.2   Lifetime Extension
2.3.3   Address Extension
2.3.4   Key Extension
2.3.5   Identity Extension
2.3.6   Sensitivity Extension
2.3.7   Proposal Extension
2.3.8   Supported Algorithms Extension
2.3.9   SPI Range Extension
2.4     Illustration of Message Layout
3       Symbolic Names
3.1     Message Types
3.1.1   SADB_GETSPI
3.1.2   SADB_UPDATE
3.1.3   SADB_ADD
