Diffstat (limited to 'doc/rfc.html')
-rw-r--r-- | doc/rfc.html | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/doc/rfc.html b/doc/rfc.html new file mode 100644 index 000000000..29785d8de --- /dev/null +++ b/doc/rfc.html 
@@ -0,0 +1,135 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"> +<HTML> +<HEAD> +<TITLE>Introduction to FreeS/WAN</TITLE> +<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1"> +<STYLE TYPE="text/css"><!-- +BODY { font-family: serif } +H1 { font-family: sans-serif } +H2 { font-family: sans-serif } +H3 { font-family: sans-serif } +H4 { font-family: sans-serif } +H5 { font-family: sans-serif } +H6 { font-family: sans-serif } +SUB { font-size: smaller } +SUP { font-size: smaller } +PRE { font-family: monospace } +--></STYLE> +</HEAD> +<BODY> +<A HREF="toc.html">Contents</A> +<A HREF="biblio.html">Previous</A> +<A HREF="roadmap.html">Next</A> +<HR> +<H1><A name="RFC">IPsec RFCs and related documents</A></H1> +<H2><A name="RFCfile">The RFCs.tar.gz Distribution File</A></H2> +<P>The Linux FreeS/WAN distribution is available from<A href="http://www.xs4all.nl/~freeswan"> + our primary distribution site</A> and various mirror sites. To give + people more control over their downloads, the RFCs that define IP + security are bundled separately in the file RFCs.tar.gz.</P> +<P>The file you are reading is included in the main distribution and is + available on the web site. 
It describes the RFCs included in the<A href="#RFCs.tar.gz"> + RFCs.tar.gz</A> bundle and gives some pointers to<A href="#sources"> + other ways to get them</A>.</P> +<H2><A name="sources">Other sources for RFCs & Internet drafts</A></H2> +<H3><A name="RFCdown">RFCs</A></H3> +<P>RFCs are downloadble at many places around the net such as:</P> +<UL> +<LI><A href="http://www.rfc-editor.org">http://www.rfc-editor.org</A></LI> +<LI><A href="http://nis.nsf.net/internet/documents/rfc">NSF.net</A></LI> +<LI><A href="http://sunsite.doc.ic.ac.uk/computing/internet/rfc">Sunsite + in the UK</A></LI> +</UL> +<P>browsable in HTML form at others such as:</P> +<UL> +<LI><A href="http://www.landfield.com/rfcs/index.html">landfield.com</A></LI> +<LI><A href="http://www.library.ucg.ie/Connected/RFC">Connected Internet + Encyclopedia</A></LI> +</UL> +<P>and some of them are available in translation:</P> +<UL> +<LI><A href="http://www.eisti.fr/eistiweb/docs/normes/">French</A></LI> +</UL> +<P>There is also a published<A href="biblio.html#RFCs"> Big Book of + IPSEC RFCs</A>.</P> +<H3><A name="drafts">Internet Drafts</A></H3> +<P>Internet Drafts, working documents which sometimes evolve into RFCs, + are also available.</P> +<UL> +<LI><A href="http://www.ietf.org/ID.html">Overall reference page</A></LI> +<LI><A href="http://www.ietf.org/ids.by.wg/ipsec.html">IPsec</A> working + group</LI> +<LI><A href="http://www.ietf.org/ids.by.wg/ipsra.html">IPSRA (IPsec + Remote Access)</A> working group</LI> +<LI><A href="http://www.ietf.org/ids.by.wg/ipsp.html">IPsec Policy</A> + working group</LI> +<LI><A href="http://www.ietf.org/ids.by.wg/kink.html">KINK (Kerberized + Internet Negotiation of Keys)</A> working group</LI> +</UL> +<P>Note: some of these may be obsolete, replaced by later drafts or by + RFCs.</P> +<H3><A name="FIPS1">FIPS standards</A></H3> +<P>Some things used by<A href="glossary.html#IPSEC"> IPsec</A>, such as<A +href="glossary.html#DES"> DES</A> and<A href="glossary.html#SHA"> 
SHA</A> +, are defined by US government standards called<A href="glossary.html#FIPS"> + FIPS</A>. The issuing organisation,<A href="glossary.html#NIST"> NIST</A> +, have a<A href="http://www.itl.nist.gov/div897/pubs"> FIPS home page</A> +.</P> +<H2><A name="RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></H2> +<P>All filenames are of the form rfc*.txt, with the * replaced with the + RFC number.</P> +<PRE>RFC# Title</PRE> +<H3><A name="rfc.ov">Overview RFCs</A></H3> +<PRE>2401 Security Architecture for the Internet Protocol +2411 IP Security Document Roadmap</PRE> +<H3><A name="basic.prot">Basic protocols</A></H3> +<PRE>2402 IP Authentication Header +2406 IP Encapsulating Security Payload (ESP)</PRE> +<H3><A name="key.ike">Key management</A></H3> +<PRE>2367 PF_KEY Key Management API, Version 2 +2407 The Internet IP Security Domain of Interpretation for ISAKMP +2408 Internet Security Association and Key Management Protocol (ISAKMP) +2409 The Internet Key Exchange (IKE) +2412 The OAKLEY Key Determination Protocol +2528 Internet X.509 Public Key Infrastructure</PRE> +<H3><A name="rfc.detail">Details of various things used</A></H3> +<PRE>2085 HMAC-MD5 IP Authentication with Replay Prevention +2104 HMAC: Keyed-Hashing for Message Authentication +2202 Test Cases for HMAC-MD5 and HMAC-SHA-1 +2207 RSVP Extensions for IPSEC Data Flows +2403 The Use of HMAC-MD5-96 within ESP and AH +2404 The Use of HMAC-SHA-1-96 within ESP and AH +2405 The ESP DES-CBC Cipher Algorithm With Explicit IV +2410 The NULL Encryption Algorithm and Its Use With IPsec +2451 The ESP CBC-Mode Cipher Algorithms +2521 ICMP Security Failures Messages</PRE> +<H3><A name="rfc.ref">Older RFCs which may be referenced</A></H3> +<PRE>1321 The MD5 Message-Digest Algorithm +1828 IP Authentication using Keyed MD5 +1829 The ESP DES-CBC Transform +1851 The ESP Triple DES Transform +1852 IP Authentication using Keyed SHA</PRE> +<H3><A name="rfc.dns">RFCs for secure DNS service, which IPsec may use</A> +</H3> 
+<PRE>2137 Secure Domain Name System Dynamic Update +2230 Key Exchange Delegation Record for the DNS +2535 Domain Name System Security Extensions +2536 DSA KEYs and SIGs in the Domain Name System (DNS) +2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) +2538 Storing Certificates in the Domain Name System (DNS) +2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</PRE> +<H3><A name="rfc.exp">RFCs labelled "experimental"</A></H3> +<PRE>2521 ICMP Security Failures Messages +2522 Photuris: Session-Key Management Protocol +2523 Photuris: Extended Schemes and Attributes</PRE> +<H3><A name="rfc.rel">Related RFCs</A></H3> +<PRE>1750 Randomness Recommendations for Security +1918 Address Allocation for Private Internets +1984 IAB and IESG Statement on Cryptographic Technology and the Internet +2144 The CAST-128 Encryption Algorithm</PRE> +<HR> +<A HREF="toc.html">Contents</A> +<A HREF="biblio.html">Previous</A> +<A HREF="roadmap.html">Next</A> +</BODY> +</HTML> |
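Review bot: The TITLE element in the head reads "Introduction to FreeS/WAN" while the H1 of this new file is "IPsec RFCs and related documents"; the title looks carried over from another page and should match the heading so browser tabs and search results identify the document correctly. In the "sources" H2, "Other sources for RFCs & Internet drafts" has a bare ampersand that should be written as the entity &amp;, and "downloadble" in the paragraph under the "RFCdown" H3 should be "downloadable". RFC 2521 (ICMP Security Failures Messages) appears both under "Details of various things used" and under "RFCs labelled "experimental""; keep one entry, or mark the first one as experimental so the duplication reads as intentional. The opening paragraph links the distribution site over plain http and says nothing about a checksum or signature for RFCs.tar.gz; if the project publishes one, this is the place to tell readers how to verify the bundle.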