Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 8221
| Document | Type | RFC - Proposed Standard (October 2017; No errata); Obsoletes RFC 7321 |
|---|---|---|
| | Authors | Paul Wouters, Daniel Migault, John Preuß Mattsson, Yoav Nir, Tero Kivinen |
| | Last updated | 2017-10-17 |
| | Replaces | draft-mglt-ipsecme-rfc7321bis |
| | Stream | Internet Engineering Task Force (IETF) |
| Stream | WG state | Submitted to IESG for Publication |
| | Document shepherd | David Waltermire |
| | Shepherd write-up | Last changed 2017-02-15 |
| IESG | IESG state | RFC 8221 (Proposed Standard) |
| | Action Holders | (None) |
| | Consensus Boilerplate | Yes |
| | Responsible AD | Eric Rescorla |
| | Send notices to | "David Waltermire" <david.waltermire@nist.gov> |
| IANA | IANA review state | Version Changed - Review Needed |
| | IANA action state | No IANA Actions |

Internet Engineering Task Force (IETF)                        P. Wouters
Request for Comments: 8221                                       Red Hat
Obsoletes: 7321                                               D. Migault
Category: Standards Track                                    J. Mattsson
ISSN: 2070-1721                                                 Ericsson
                                                                  Y. Nir
                                                             Check Point
                                                              T. Kivinen
                                                            October 2017

Cryptographic Algorithm Implementation Requirements and Usage Guidance
for Encapsulating Security Payload (ESP) and Authentication Header (AH)

Abstract

This document replaces RFC 7321, "Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)". The goal of this document is to enable ESP and AH to benefit from cryptography that is up to date while making IPsec interoperable.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8221.

Wouters, et al.              Standards Track                    [Page 1]
RFC 8221          ESP and AH Algorithm Requirements         October 2017

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Updating Algorithm Implementation Requirements and Usage Guidance
   1.2. Updating Algorithm Requirement Levels
   1.3. Document Audience
2. Requirements Language
3. Manual Keying
4. Encryption Must Be Authenticated
5. ESP Encryption Algorithms
6. ESP and AH Authentication Algorithms
7. ESP and AH Compression Algorithms
8. Summary of Changes from RFC 7321
9. IANA Considerations
10. Security Considerations
11. References
   11.1. Normative References
   11.2. Informative References
Acknowledgements
Authors' Addresses

1. Introduction

The Encapsulating Security Payload (ESP) [RFC4303] and the Authentication Header (AH) [RFC4302] are the mechanisms for applying cryptographic protection to data being sent over an IPsec Security Association (SA) [RFC4301].

This document provides guidance and recommendations so that ESP and AH can be used with cryptographic algorithms that are up to date. The challenge of such documents is making sure that, over time, IPsec implementations can use secure and up-to-date cryptographic algorithms while keeping IPsec interoperable.

1.1. Updating Algorithm Implementation Requirements and Usage Guidance

The field of cryptography evolves continuously: new, stronger algorithms appear, and existing algorithms are found to be less secure than originally thought. Therefore, algorithm implementation