Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>, ipsec mailing list <email@example.com>, ipsec chair <firstname.lastname@example.org>
Subject: Protocol Action: 'Cryptographic Algorithms for use in the Internet Key Exchange Version 2' to Proposed Standard

The IESG has approved the following documents:

- 'Cryptographic Algorithms for use in the Internet Key Exchange Version 2' <draft-ietf-ipsec-ikev2-algorithms-06.txt> as a Proposed Standard
- 'Cryptographic Suites for IPsec' <draft-ietf-ipsec-ui-suites-07.txt> as a Proposed Standard

These documents are products of the IP Security Protocol Working Group.

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-06.txt

Technical Summary

The IPsec series of protocols makes use of various cryptographic algorithms to provide security services. The Internet Key Exchange (both IKEv1 and IKEv2) provides a mechanism to negotiate which algorithms should be used for a particular association. However, to ensure interoperability between disparate implementations, this document specifies a set of mandatory-to-implement algorithms, thereby ensuring that there will be at least one algorithm that all implementations will have available. This document also specifies algorithms that should be implemented because they may be promoted to mandatory at some future time.

Working Group Summary

The IPsec Working Group came to rough consensus on this document.

Protocol Quality

This document was reviewed by Russell Housley for the IESG.

RFC Editor Note

Please change "MUST" to "MUST-" in the last paragraph of section 4.1.1 to make it consistent with section 4.1.3.

OLD

   For confidentiality, implementations MUST implement 3DES-CBC and SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be implemented.

NEW

   For confidentiality, implementations MUST- implement 3DES-CBC and SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be implemented.