Suite B Cryptographic Suites for IPsec
RFC 4869

Document Type RFC - Informational (May 2007; No errata)
Obsoleted by RFC 6379
Was draft-solinas-ui-suites (individual in sec area)
Last updated 2013-03-02
Stream IETF
Formats plain text pdf html
Stream WG state (None)
Consensus Unknown
Document shepherd No shepherd assigned
IESG IESG state RFC 4869 (Informational)
Telechat date
Responsible AD Russ Housley
Send notices to jasolin@orion.ncsc.mil, lelaw@orion.ncsc.mil
Network Working Group                                             L. Law
Request for Comments: 4869                                    J. Solinas
Category: Informational                                              NSA
                                                                May 2007

                 Suite B Cryptographic Suites for IPsec

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document proposes four optional cryptographic user interface
   suites ("UI suites") for IPsec, similar to the two suites specified
   in RFC 4308.  The four new suites provide compatibility with the
   United States National Security Agency's Suite B specifications.

Table of Contents

   1. Introduction ....................................................2
   2. Requirements Terminology ........................................2
   3. New UI Suites ...................................................2
      3.1. Suite "Suite-B-GCM-128" ....................................2
      3.2. Suite "Suite-B-GCM-256" ....................................3
      3.3. Suite "Suite-B-GMAC-128" ...................................4
      3.4. Suite "Suite-B-GMAC-256" ...................................5
   4. Security Considerations .........................................5
   5. IANA Considerations .............................................6
   6. References ......................................................6
      6.1. Normative References .......................................6
      6.2. Informative References .....................................7

Law & Solinas                Informational                      [Page 1]
RFC 4869         Suite B Cryptographic Suites for IPsec         May 2007

1.  Introduction

   [RFC4308] proposes two optional cryptographic user interface suites
   ("UI suites") for IPsec.  The two suites, VPN-A and VPN-B, represent
   commonly used present-day corporate VPN security choices and
   anticipated future choices, respectively.  This document proposes
   four new UI suites based on implementations of the United States
   National Security Agency's Suite B algorithms (see [SuiteB]).

   As with the VPN suites, the Suite B suites are simply collections of
   values for some options in IPsec.  Use of UI suites does not change
   the IPsec protocols in any way.

2.  Requirements Terminology

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   in this document are to be interpreted as described in [RFC2119].

3.  New UI Suites

   Each of the following UI suites provides choices for ESP (see
   [RFC4303]) and for IKEv1 and IKEv2 (see [RFC2409] and [RFC4306]).
   The four suites are differentiated by the choice of cryptographic
   algorithm strengths and a choice of whether the Encapsulating
   Security Payload (ESP) is to provide both confidentiality and
   integrity or integrity only.  The suite names are based on the
   Advanced Encryption Standard [AES] mode and AES key length specified
   for ESP.

   IPsec implementations that use these UI suites SHOULD use the suite
   names listed here.  IPsec implementations SHOULD NOT use names
   different than those listed here for the suites that are described,
   and MUST NOT use the names listed here for suites that do not match
   these values.  These requirements are necessary for interoperability.

3.1.  Suite "Suite-B-GCM-128"

   This suite provides ESP integrity protection and confidentiality
   using 128-bit AES-GCM (see [RFC4106]).  This suite or the following
   suite should be used when ESP integrity protection and encryption are
   both needed.

   ESP:
     Encryption     AES with 128-bit keys and 16-octet Integrity
                      Check Value (ICV) in GCM mode [RFC4106]
     Integrity      NULL

Law & Solinas                Informational                      [Page 2]
RFC 4869         Suite B Cryptographic Suites for IPsec         May 2007

   IKEv1:
     Encryption                   AES with 128-bit keys in CBC mode
                                    [RFC3602]
     Pseudo-random function       HMAC-SHA-256 [RFC4868]
     Hash                         SHA-256 [FIPS-180-2] [RFC4634]
     Diffie-Hellman group         256-bit random ECP group [RFC4753]
     Group Type                   ECP

   For IKEv1, Phase 1 SHOULD use Main mode.  IKEv1 implementations MUST
   support pre-shared key authentication [RFC2409] for interoperability.
Show full document text