Internet Security Association and Key Management Protocol (ISAKMP) (RFC2408)

IP.com Disclosure Number: IPCOM000002983D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2019-Feb-11

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Maughan: AUTHOR [+3]

Related Documents

10.17487/RFC2408: DOI

Abstract

This memo describes a protocol utilizing security concepts necessary for establishing Security Associations (SA) and cryptographic keys in an Internet environment. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group
Request for Comments: 2408
Category: Standards Track

D. Maughan, National Security Agency
M. Schertler, Securify, Inc.
M. Schneider, National Security Agency
J. Turner, RABA Technologies, Inc.

November 1998

Internet Security Association and Key Management Protocol (ISAKMP)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Abstract

This memo describes a protocol utilizing security concepts necessary for establishing Security Associations (SA) and cryptographic keys in an Internet environment. A Security Association protocol that negotiates, establishes, modifies and deletes Security Associations and their attributes is required for an evolving Internet, where there will be numerous security mechanisms and several options for each security mechanism. The key management protocol must be robust in order to handle public key generation for the Internet community at large and private key requirements for those private networks with that requirement. The Internet Security Association and Key Management Protocol (ISAKMP) defines the procedures for authenticating a communicating peer, creation and management of Security Associations, key generation techniques, and threat mitigation (e.g. denial of service and replay attacks). All of these are necessary to establish and maintain secure communications (via IP Security Service or any other security protocol) in an Internet environment.

Maughan, et. al. Standards Track [Page 1]

RFC 2408 ISAKMP November 1998

Table of Contents

1 Introduction
  1.1 Requirements Terminology
  1.2 The Need for Negotiation
  1.3 What can be Negotiated?
  1.4 Security Associations and Management
    1.4.1 Security Associations and Registration
    1.4.2 ISAKMP Requirements
  1.5 Authentication
    1.5.1 Certificate Authorities
    1.5.2 Entity Naming
    1.5.3 ISAKMP Requirements
  1.6 Public Key Cryptography
    1.6.1 Key Exchange Properties
    1.6.2 ISAKMP Requirements
  1.7 ISAKMP Protection
    1.7.1 Anti-Clogging (Denial of Service)
    1.7.2 Connection Hijacking
    1.7.3 Man-in-the-Middle Attacks
  1...
