Technical Summary
The IPsec series of protocols makes use of various cryptographic
algorithms to provide security services. The Internet Key Exchange
(both IKEv1 and IKEv2) provides a mechanism to negotiate which
algorithms should be used for a particular association. However, to
ensure interoperability between disparate implementations, this
document specifies a set of mandatory-to-implement algorithms, thereby
ensuring that there will be at least one algorithm that all
implementations will have available. This document also specifies
algorithms that should be implemented because they may be promoted to
mandatory at some future time.
Working Group Summary
The IPsec Working Group came to rough consensus on this document.
Protocol Quality
This document was reviewed by Russell Housley for the IESG.
RFC Editor Note
Please change "MUST" to "MUST-" in the last paragraph of
section 4.1.1 to make it consistent with section 4.1.3.
OLD
For confidentiality, implementations MUST implement 3DES-CBC and
SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
implemented.
NEW
For confidentiality, implementations MUST- implement 3DES-CBC and
SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
implemented.