PF_KEY Key Management API, Version 2
RFC 2367

Document Type RFC - Informational (July 1998; No errata)
Was draft-mcdonald-pf-key-v2 (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2367 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       D. McDonald
Request for Comments: 2367                                      C. Metz
Category: Informational                                         B. Phan
                                                              July 1998

                  PF_KEY Key Management API, Version 2

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

Abstract

   A generic key management API that can be used not only for IP
   Security [Atk95a] [Atk95b] [Atk95c] but also for other network
   security services is presented in this document.  Version 1 of this
   API was implemented inside 4.4-Lite BSD as part of the U. S. Naval
   Research Laboratory's freely distributable and usable IPv6 and IPsec
   implementation[AMPMC96].  It is documented here for the benefit of
   others who might also adopt and use the API, thus providing increased
   portability of key management applications (e.g. a manual keying
   application, an ISAKMP daemon, a GKMP daemon [HM97a][HM97b], a
   Photuris daemon, or a SKIP certificate discovery protocol daemon).

Table of Contents

   1      Introduction .............................................  3
   1.1    Terminology ..............................................  3
   1.2    Conceptual Model .........................................  4
   1.3    PF_KEY Socket Definition .................................  8
   1.4    Overview of PF_KEY Messaging Behavior ....................  8
   1.5    Common PF_KEY Operations .................................  9
   1.6    Differences Between PF_KEY and PF_ROUTE .................. 10
   1.7    Name Space ............................................... 11
   1.8    On Manual Keying ..........................................11
   2      PF_KEY Message Format .................................... 11
   2.1    Base Message Header Format ............................... 12
   2.2    Alignment of Headers and Extension Headers ............... 14
   2.3    Additional Message Fields ................................ 14
   2.3.1  Association Extension .................................... 15
   2.3.2  Lifetime Extension ....................................... 16

McDonald, et. al.            Informational                      [Page 1]
RFC 2367               PF_KEY Key Management API               July 1998

   2.3.3  Address Extension ........................................ 18
   2.3.4  Key Extension ............................................ 19
   2.3.5  Identity Extension ....................................... 21
   2.3.6  Sensitivity Extension .................................... 21
   2.3.7  Proposal Extension ....................................... 22
   2.3.8  Supported Algorithms Extension ........................... 25
   2.3.9  SPI Range Extension ...................................... 26
   2.4    Illustration of Message Layout ........................... 27
   3      Symbolic Names ........................................... 30
   3.1    Message Types ............................................ 31
   3.1.1  SADB_GETSPI .............................................. 32
   3.1.2  SADB_UPDATE .............................................. 33
   3.1.3  SADB_ADD ................................................. 34
   3.1.4  SADB_DELETE .............................................. 35
   3.1.5  SADB_GET ................................................. 36
   3.1.6  SADB_ACQUIRE ............................................. 36
   3.1.7  SADB_REGISTER ............................................ 38
   3.1.8  SADB_EXPIRE .............................................. 39
   3.1.9  SADB_FLUSH ............................................... 40
   3.1.10 SADB_DUMP ................................................ 40
   3.2    Security Association Flags ............................... 41
   3.3    Security Association States .............................. 41
   3.4    Security Association Types ............................... 41
   3.5    Algorithm Types .......................................... 42
   3.6    Extension Header Values .................................. 43
   3.7    Identity Extension Values ................................ 44
   3.8    Sensitivity Extension Values ............................. 45
   3.9    Proposal Extension Values ................................ 45
   4      Future Directions ........................................ 45
   5      Examples ................................................. 45
   5.1    Simple IP Security Example ............................... 46
   5.2    Proxy IP Security Example ................................ 47
   5.3    OSPF Security Example .................................... 50
   5.4    Miscellaneous ............................................ 50
Show full document text