<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>Introduction to FreeS/WAN</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
<STYLE TYPE="text/css"><!--
BODY { font-family: serif }
H1 { font-family: sans-serif }
H2 { font-family: sans-serif }
H3 { font-family: sans-serif }
H4 { font-family: sans-serif }
H5 { font-family: sans-serif }
H6 { font-family: sans-serif }
SUB { font-size: smaller }
SUP { font-size: smaller }
PRE { font-family: monospace }
--></STYLE>
</HEAD>
<BODY>
<A HREF="toc.html">Contents</A>
<A HREF="biblio.html">Previous</A>
<A HREF="roadmap.html">Next</A>
<HR>
<H1><A name="RFC">IPsec RFCs and related documents</A></H1>
<H2><A name="RFCfile">The RFCs.tar.gz Distribution File</A></H2>
<P>The Linux FreeS/WAN distribution is available from<A href="http://www.xs4all.nl/~freeswan">
our primary distribution site</A> and various mirror sites. To give
people more control over their downloads, the RFCs that define IP
security are bundled separately in the file RFCs.tar.gz.</P>
<P>The file you are reading is included in the main distribution and is
available on the web site. It describes the RFCs included in the<A href="#RFCs.tar.gz">
RFCs.tar.gz</A> bundle and gives some pointers to<A href="#sources">
other ways to get them</A>.</P>
<H2><A name="sources">Other sources for RFCs &amp; Internet drafts</A></H2>
<H3><A name="RFCdown">RFCs</A></H3>
<P>RFCs are downloadable at many places around the net such as:</P>
<UL>
<LI><A href="http://www.rfc-editor.org">http://www.rfc-editor.org</A></LI>
<LI><A href="http://nis.nsf.net/internet/documents/rfc">NSF.net</A></LI>
<LI><A href="http://sunsite.doc.ic.ac.uk/computing/internet/rfc">Sunsite
in the UK</A></LI>
</UL>
<P>browsable in HTML form at others such as:</P>
<UL>
<LI><A href="http://www.landfield.com/rfcs/index.html">landfield.com</A></LI>
<LI><A href="http://www.library.ucg.ie/Connected/RFC">Connected Internet
Encyclopedia</A></LI>
</UL>
<P>and some of them are available in translation:</P>
<UL>
<LI><A href="http://www.eisti.fr/eistiweb/docs/normes/">French</A></LI>
</UL>
<P>There is also a published<A href="biblio.html#RFCs"> Big Book of
IPSEC RFCs</A>.</P>
<H3><A name="drafts">Internet Drafts</A></H3>
<P>Internet Drafts, working documents which sometimes evolve into RFCs,
are also available.</P>
<UL>
<LI><A href="http://www.ietf.org/ID.html">Overall reference page</A></LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsec.html">IPsec</A> working
group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsra.html">IPSRA (IPsec
Remote Access)</A> working group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsp.html">IPsec Policy</A>
working group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/kink.html">KINK (Kerberized
Internet Negotiation of Keys)</A> working group</LI>
</UL>
<P>Note: some of these may be obsolete, replaced by later drafts or by
RFCs.</P>
<H3><A name="FIPS1">FIPS standards</A></H3>
<P>Some things used by <A href="glossary.html#IPSEC">IPsec</A>, such as
<A href="glossary.html#DES">DES</A> and <A href="glossary.html#SHA">SHA</A>,
are defined by US government standards called
<A href="glossary.html#FIPS">FIPS</A>. The issuing organisation,
<A href="glossary.html#NIST">NIST</A>, have a
<A href="http://www.itl.nist.gov/div897/pubs">FIPS home page</A>.</P>
<H2><A name="RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></H2>
<P>All filenames are of the form rfc*.txt, with the * replaced with the
RFC number.</P>
<PRE>RFC# Title</PRE>
<H3><A name="rfc.ov">Overview RFCs</A></H3>
<PRE>2401 Security Architecture for the Internet Protocol
2411 IP Security Document Roadmap</PRE>
<H3><A name="basic.prot">Basic protocols</A></H3>
<PRE>2402 IP Authentication Header
2406 IP Encapsulating Security Payload (ESP)</PRE>
<H3><A name="key.ike">Key management</A></H3>
<PRE>2367 PF_KEY Key Management API, Version 2
2407 The Internet IP Security Domain of Interpretation for ISAKMP
2408 Internet Security Association and Key Management Protocol (ISAKMP)
2409 The Internet Key Exchange (IKE)
2412 The OAKLEY Key Determination Protocol
2528 Internet X.509 Public Key Infrastructure</PRE>
<H3><A name="rfc.detail">Details of various things used</A></H3>
<PRE>2085 HMAC-MD5 IP Authentication with Replay Prevention
2104 HMAC: Keyed-Hashing for Message Authentication
2202 Test Cases for HMAC-MD5 and HMAC-SHA-1
2207 RSVP Extensions for IPSEC Data Flows
2403 The Use of HMAC-MD5-96 within ESP and AH
2404 The Use of HMAC-SHA-1-96 within ESP and AH
2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
2410 The NULL Encryption Algorithm and Its Use With IPsec
2451 The ESP CBC-Mode Cipher Algorithms
2521 ICMP Security Failures Messages</PRE>
<H3><A name="rfc.ref">Older RFCs which may be referenced</A></H3>
<PRE>1321 The MD5 Message-Digest Algorithm
1828 IP Authentication using Keyed MD5
1829 The ESP DES-CBC Transform
1851 The ESP Triple DES Transform
1852 IP Authentication using Keyed SHA</PRE>
<H3><A name="rfc.dns">RFCs for secure DNS service, which IPsec may use</A>
</H3>
<PRE>2137 Secure Domain Name System Dynamic Update
2230 Key Exchange Delegation Record for the DNS
2535 Domain Name System Security Extensions
2536 DSA KEYs and SIGs in the Domain Name System (DNS)
2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
2538 Storing Certificates in the Domain Name System (DNS)
2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</PRE>
<H3><A name="rfc.exp">RFCs labelled "experimental"</A></H3>
<PRE>2521 ICMP Security Failures Messages
2522 Photuris: Session-Key Management Protocol
2523 Photuris: Extended Schemes and Attributes</PRE>
<H3><A name="rfc.rel">Related RFCs</A></H3>
<PRE>1750 Randomness Recommendations for Security
1918 Address Allocation for Private Internets
1984 IAB and IESG Statement on Cryptographic Technology and the Internet
2144 The CAST-128 Encryption Algorithm</PRE>
</BODY>
</HTML>