Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
RFC 4307

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    ipsec mailing list <ipsec@ietf.org>, 
    ipsec chair <ipsec-chairs@tools.ietf.org>
Subject: Protocol Action: 'Cryptographic Algorithms for use in 
         the Internet Key Exchange Version 2' to Proposed Standard 

The IESG has approved the following documents:

- 'Cryptographic Algorithms for use in the Internet Key Exchange Version 
   2 '
   <draft-ietf-ipsec-ikev2-algorithms-06.txt> as a Proposed Standard
- 'Cryptographic Suites for IPsec '
   <draft-ietf-ipsec-ui-suites-07.txt> as a Proposed Standard

These documents are products of the IP Security Protocol Working Group. 

The IESG contact persons are Russ Housley and Tim Polk.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-ipsec-ikev2-algorithms-06.txt

Technical Summary

  The IPSec series of protocols makes use of various cryptographic
  algorithms to provide security services.  The Internet Key Exchange
  (both IKEv1 and IKEv2) provide a mechanism to negotiate which
  algorithms should be used for a particular association.  However to
  ensure interoperability between disparate implementations, this
  document specifies a set of mandatory to implement algorithms, thereby
  ensuring that there will be at least one algorithm that all
  implementations will have available.  This document also specifies
  algorithms that should be implemented because they made be promoted to
  mandatory at some future time.

Working Group Summary

  The IPsec Working Group came to rough consensus on this document.

Protocol Quality

  This document was reviewed by Russell Housley for the IESG.

RFC Editor Note

  Please change "MUST" to "MUST-" in the last paragraph of 
  section 4.1.1 to make it consistent with section 4.1.3.

  OLD

    For confidentiality, implementations MUST implement 3DES-CBC and
    SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
    implemented.

  NEW

    For confidentiality, implementations MUST- implement 3DES-CBC and
    SHOULD+ implement AES-128-CBC. For integrity, HMAC-SHA1 MUST be
    implemented.