Diffstat (limited to 'doc/src/rfc.html')
-rw-r--r-- | doc/src/rfc.html | 158 |
1 files changed, 158 insertions, 0 deletions
diff --git a/doc/src/rfc.html b/doc/src/rfc.html new file mode 100644 index 000000000..762c66c6e --- /dev/null +++ b/doc/src/rfc.html 
@@ -0,0 +1,158 @@ +<html> +<head> + <meta http-equiv="Content-Type" content="text/html"> + <title>IPsec RFCs</title> + <meta name="keywords" + content="IPsec, VPN, security, FreeSWAN, RFC, standard"> + <!-- + + Written by Sandy Harris for the Linux FreeS/WAN project + Freely distributable under the GNU General Public License + + More information at www.freeswan.org + Feedback to users@lists.freeswan.org + + CVS information: + RCS ID: $Id: rfc.html,v 1.1 2004/03/15 20:35:24 as Exp $ + Last changed: $Date: 2004/03/15 20:35:24 $ + Revision number: $Revision: 1.1 $ + + CVS revision numbers do not correspond to FreeS/WAN release numbers. + --> +</head> + +<body> +<h1><a name="RFC">IPsec RFCs and related documents</a></h1> + +<h2><a name="RFCfile">The RFCs.tar.gz Distribution File</a></h2> + +<p>The Linux FreeS/WAN distribution is available from <a +href="http://www.xs4all.nl/~freeswan"> our primary distribution site</a> and +various mirror sites. To give people more control over their downloads, the +RFCs that define IP security are bundled separately in the file +RFCs.tar.gz.</p> + +<p>The file you are reading is included in the main distribution and is +available on the web site. 
It describes the RFCs included in the <a +href="#RFCs.tar.gz">RFCs.tar.gz</a> bundle and gives some pointers to <a +href="#sources">other ways to get them</a>.</p> + +<h2><a name="sources">Other sources for RFCs & Internet drafts</a></h2> + +<h3><a name="RFCdown">RFCs</a></h3> + +<p>RFCs are downloadble at many places around the net such as:</p> +<ul> + <li><a href="http://www.rfc-editor.org">http://www.rfc-editor.org</a></li> + <li><a href="http://nis.nsf.net/internet/documents/rfc">NSF.net</a></li> + <li><a href="http://sunsite.doc.ic.ac.uk/computing/internet/rfc">Sunsite in + the UK</a></li> +</ul> + +<p>browsable in HTML form at others such as:</p> +<ul> + <li><a + href="http://www.landfield.com/rfcs/index.html">landfield.com</a></li> + <li><a href="http://www.library.ucg.ie/Connected/RFC">Connected Internet + Encyclopedia</a></li> +</ul> + +<p>and some of them are available in translation:</p> +<ul> + <li><a href="http://www.eisti.fr/eistiweb/docs/normes/">French</a></li> +</ul> + +<p>There is also a published <a href="biblio.html#RFCs">Big Book of IPSEC +RFCs</a>.</p> + +<h3><a name="drafts">Internet Drafts</a></h3> + +<p>Internet Drafts, working documents which sometimes evolve into RFCs, are +also available.</p> +<ul> + <li><a href="http://www.ietf.org/ID.html">Overall reference page</a></li> + <li><a href="http://www.ietf.org/ids.by.wg/ipsec.html">IPsec</a> working + group</li> + <li><a href="http://www.ietf.org/ids.by.wg/ipsra.html">IPSRA (IPsec Remote + Access)</a> working group</li> + <li><a href="http://www.ietf.org/ids.by.wg/ipsp.html">IPsec Policy</a> + working group</li> + <li><a href="http://www.ietf.org/ids.by.wg/kink.html">KINK (Kerberized + Internet Negotiation of Keys)</a> working group</li> +</ul> + +<p>Note: some of these may be obsolete, replaced by later drafts or by +RFCs.</p> + +<h3><a name="FIPS1">FIPS standards</a></h3> + +<p>Some things used by <a href="glossary.html#IPSEC">IPsec</a>, such as <a +href="glossary.html#DES">DES</a> and <a 
href="glossary.html#SHA">SHA</a>, are +defined by US government standards called <a +href="glossary.html#FIPS">FIPS</a>. The issuing organisation, <a +href="glossary.html#NIST">NIST</a>, have a <a +href="http://www.itl.nist.gov/div897/pubs">FIPS home page</a>.</p> + +<h2><a name="RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</a></h2> + +<p>All filenames are of the form rfc*.txt, with the * replaced with the RFC +number.</p> +<pre>RFC# Title</pre> + +<h3><a name="rfc.ov">Overview RFCs</a></h3> +<pre>2401 Security Architecture for the Internet Protocol +2411 IP Security Document Roadmap</pre> + +<h3><a name="basic.prot">Basic protocols</a></h3> +<pre>2402 IP Authentication Header +2406 IP Encapsulating Security Payload (ESP)</pre> + +<h3><a name="key.ike">Key management</a></h3> +<pre>2367 PF_KEY Key Management API, Version 2 +2407 The Internet IP Security Domain of Interpretation for ISAKMP +2408 Internet Security Association and Key Management Protocol (ISAKMP) +2409 The Internet Key Exchange (IKE) +2412 The OAKLEY Key Determination Protocol +2528 Internet X.509 Public Key Infrastructure</pre> + +<h3><a name="rfc.detail">Details of various things used</a></h3> +<pre>2085 HMAC-MD5 IP Authentication with Replay Prevention +2104 HMAC: Keyed-Hashing for Message Authentication +2202 Test Cases for HMAC-MD5 and HMAC-SHA-1 +2207 RSVP Extensions for IPSEC Data Flows +2403 The Use of HMAC-MD5-96 within ESP and AH +2404 The Use of HMAC-SHA-1-96 within ESP and AH +2405 The ESP DES-CBC Cipher Algorithm With Explicit IV +2410 The NULL Encryption Algorithm and Its Use With IPsec +2451 The ESP CBC-Mode Cipher Algorithms +2521 ICMP Security Failures Messages</pre> + +<h3><a name="rfc.ref">Older RFCs which may be referenced</a></h3> +<pre>1321 The MD5 Message-Digest Algorithm +1828 IP Authentication using Keyed MD5 +1829 The ESP DES-CBC Transform +1851 The ESP Triple DES Transform +1852 IP Authentication using Keyed SHA</pre> + +<h3><a name="rfc.dns">RFCs for secure DNS service, 
which IPsec may +use</a></h3> +<pre>2137 Secure Domain Name System Dynamic Update +2230 Key Exchange Delegation Record for the DNS +2535 Domain Name System Security Extensions +2536 DSA KEYs and SIGs in the Domain Name System (DNS) +2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) +2538 Storing Certificates in the Domain Name System (DNS) +2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</pre> + +<h3><a name="rfc.exp">RFCs labelled "experimental"</a></h3> +<pre>2521 ICMP Security Failures Messages +2522 Photuris: Session-Key Management Protocol +2523 Photuris: Extended Schemes and Attributes</pre> + +<h3><a name="rfc.rel">Related RFCs</a></h3> +<pre>1750 Randomness Recommendations for Security +1918 Address Allocation for Private Internets +1984 IAB and IESG Statement on Cryptographic Technology and the Internet +2144 The CAST-128 Encryption Algorithm</pre> +</body> +</html> |
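Review bot: The heading in the `sources` section, `Other sources for RFCs & Internet drafts`, contains a bare `&` that should be written as `&amp;` so the new page is valid HTML. In the paragraph just below it, "downloadble" should read "downloadable". RFC 2521 (ICMP Security Failures Messages) appears twice, once under "Details of various things used" and again under the "experimental" list; either keep it only in the experimental list or mark the first entry as experimental, so readers do not take the earlier listing as a standards-track document. The `Content-Type` meta tag declares `text/html` without a charset; adding one would stop browsers from guessing the encoding.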