Skip to main content

IP Security Maintenance and Extensions (ipsecme)

Document Date Status IPR AD/Shepherd
Active Internet-Drafts (6 hits)
18 pages
draft-ietf-ipsecme-add-ike-14
Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for Encrypted DNS
2023-05-10
RFC Ed Queue : AUTH48-DONE 147
Submitted to IESG for Publication : Proposed Standard
Reviews: dnsdir dnsdir opsdir LC dnsdir LC genart LC opsdir
Roman Danyliw
Tero Kivinen
71 pages
draft-ietf-ipsecme-g-ikev2-09
Group Key Management using IKEv2
2023-04-19
I-D Exists
WG Consensus: Waiting for Write-Up
Reviews: secdir Early tsvart Early
Jul 2022

11 pages
draft-ietf-ipsecme-ikev2-auth-announce-03
Announcing Supported Authentication Methods in IKEv2
2023-04-14
Expires soon
I-D Exists
In WG Last Call

9 pages
draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt-01
IKEv2 Optional SA&TS Payloads in Child Exchange
2023-07-10
I-D Exists
WG Document
2
10 pages
draft-ietf-ipsecme-labeled-ipsec-12
Labeled IPsec Traffic Selector support for IKEv2
2023-05-15
RFC Ed Queue : AUTH48 AUTH48 142
Submitted to IESG for Publication : Proposed Standard
Reviews: secdir LC genart LC secdir LC opsdir LC
Jul 2022
Roman Danyliw
Tero Kivinen
12 pages
draft-ietf-ipsecme-multi-sa-performance-01
IKEv2 support for per-queue Child SAs
2023-06-06
I-D Exists
WG Document

Expired Internet-Draft (1 hit)
9 pages
draft-ietf-ipsecme-ike-tcp-01
A TCP transport for the Internet Key Exchange
2012-12-03
Expired
WG Document

RFCs (37 hits)
15 pages
RFC 5685 (was draft-ietf-ipsecme-ikev2-redirect)
Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
2009-11
Proposed Standard RFC
Tim Polk
26 pages
RFC 5723 (was draft-ietf-ipsecme-ikev2-resumption)
Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
2010-01
Proposed Standard RFC
Pasi Eronen
32 pages
RFC 5739 (was draft-ietf-ipsecme-ikev2-ipv6-config)
IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2010-02
Experimental RFC
Tim Polk
15 pages
RFC 5840 (was draft-ietf-ipsecme-traffic-visibility)
Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
2010-04
Proposed Standard RFC
Pasi Eronen
32 pages
RFC 5879 (was draft-ietf-ipsecme-esp-null-heuristics)
Heuristics for Detecting ESP-NULL Packets
2010-05
Informational RFC
Pasi Eronen
6 pages
RFC 5930 (was draft-ietf-ipsecme-aes-ctr-ikev2)
Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
2010-07
Informational RFC
Sean Turner
138 pages
RFC 5996 (was draft-ietf-ipsecme-ikev2bis)
Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2010-09
Proposed Standard RFC
Obsoleted by RFC 7296
Updated by RFC 5998, RFC 6989, RFC 6989
10 Sean Turner
16 pages
RFC 5998 (was draft-ietf-ipsecme-eap-mutual)
An Extension for EAP-Only Authentication in IKEv2
2010-09
Proposed Standard RFC
Sean Turner
12 pages
RFC 6027 (was draft-ietf-ipsecme-ipsec-ha)
IPsec Cluster Problem Statement
2010-10
Informational RFC
1 Sean Turner
63 pages
RFC 6071 (was draft-ietf-ipsecme-roadmap)
IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap
2011-02
Informational RFC
Sean Turner
22 pages
RFC 6290 (was draft-ietf-ipsecme-failure-detection)
A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE) Errata
2011-06
Proposed Standard RFC
Sean Turner
26 pages
RFC 6311 (was draft-ietf-ipsecme-ipsecha-protocol)
Protocol Support for High Availability of IKEv2/IPsec Errata
2011-07
Proposed Standard RFC
3 Sean Turner
10 pages
RFC 6989 (was draft-ietf-ipsecme-dh-checks)
Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
2013-07
Proposed Standard RFC
1 Sean Turner
Paul E. Hoffman
12 pages
RFC 7018 (was draft-ietf-ipsecme-ad-vpn-problem)
Auto-Discovery VPN Problem Statement and Requirements
2013-09
Informational RFC
Sean Turner
Paul E. Hoffman
142 pages
RFC 7296 (was draft-kivinen-ipsecme-ikev2-rfc5996bis)
Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2014-10
Internet Standard RFC
Updated by RFC 7427, RFC 7670, RFC 8247, RFC 8983, RFC 9370
10 Kathleen Moriarty
Paul E. Hoffman
11 pages
RFC 7321 (was draft-ietf-ipsecme-esp-ah-reqts)
Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
2014-08
Proposed Standard RFC
Obsoleted by RFC 8221
Kathleen Moriarty
Yaron Sheffer
20 pages
RFC 7383 (was draft-ietf-ipsecme-ikev2-fragmentation)
Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
2014-11
Proposed Standard RFC
Kathleen Moriarty
Paul E. Hoffman
18 pages
RFC 7427 (was draft-kivinen-ipsecme-signature-auth)
Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
2015-01
Proposed Standard RFC
Kathleen Moriarty
Paul E. Hoffman
12 pages
RFC 7619 (was draft-ietf-ipsecme-ikev2-null-auth)
The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
2015-08
Proposed Standard RFC
Kathleen Moriarty
Paul E. Hoffman
13 pages
RFC 7634 (was draft-ietf-ipsecme-chacha20-poly1305)
ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec Errata
2015-08
Proposed Standard RFC
Kathleen Moriarty
Paul E. Hoffman
32 pages
RFC 8019 (was draft-ietf-ipsecme-ddos-protection)
Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
2016-11
Proposed Standard RFC
Kathleen Moriarty
David Waltermire
8 pages
RFC 8031 (was draft-ietf-ipsecme-safecurves)
Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement Errata
2016-12
Proposed Standard RFC
Kathleen Moriarty
Tero Kivinen
15 pages
RFC 8221 (was draft-ietf-ipsecme-rfc7321bis)
Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
2017-10
Proposed Standard RFC
Updated by RFC 9395
Eric Rescorla
David Waltermire
25 pages
RFC 8229 (was draft-ietf-ipsecme-tcp-encaps)
TCP Encapsulation of IKE and IPsec Packets Errata
2017-08
Proposed Standard RFC
Obsoleted by RFC 9329
Eric Rescorla
Tero Kivinen
19 pages
RFC 8247 (was draft-ietf-ipsecme-rfc4307bis)
Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
2017-09
Proposed Standard RFC
Updated by RFC 9395
Eric Rescorla
David Waltermire
5 pages
RFC 8420 (was draft-ietf-ipsecme-eddsa)
Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)
2018-08
Proposed Standard RFC
Eric Rescorla
Tero Kivinen
16 pages
RFC 8598 (was draft-ietf-ipsecme-split-dns)
Split DNS Configuration for the Internet Key Exchange Protocol Version 2 (IKEv2)
2019-05
Proposed Standard RFC
Eric Rescorla
David Waltermire
8 pages
RFC 8750 (was draft-ietf-ipsecme-implicit-iv)
Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)
2020-03
Proposed Standard RFC
Alexey Melnikov
Tero Kivinen
16 pages
RFC 8784 (was draft-ietf-ipsecme-qr-ikev2)
Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security
2020-06
Proposed Standard RFC
Benjamin Kaduk
David Waltermire
7 pages
RFC 8983 (was draft-ietf-ipsecme-ipv6-ipv4-codes)
Internet Key Exchange Protocol Version 2 (IKEv2) Notification Status Types for IPv4/IPv6 Coexistence
2021-02
Proposed Standard RFC
Benjamin Kaduk
Yoav Nir
14 pages
RFC 9242 (was draft-ietf-ipsecme-ikev2-intermediate)
Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2)
2022-05
Proposed Standard RFC
Benjamin Kaduk
Yoav Nir
30 pages
RFC 9329 (was draft-ietf-ipsecme-rfc8229bis)
TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets
2022-11
Proposed Standard RFC
Roman Danyliw
Tero Kivinen
31 pages
RFC 9347 (was draft-ietf-ipsecme-iptfs)
Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS)
2023-01
Proposed Standard RFC
Roman Danyliw
Tero Kivinen
25 pages
RFC 9348 (was draft-ietf-ipsecme-yang-iptfs)
A YANG Data Model for IP Traffic Flow Security
2023-01
Proposed Standard RFC
Roman Danyliw
Tero Kivinen
19 pages
RFC 9349 (was draft-ietf-ipsecme-mib-iptfs)
Definitions of Managed Objects for IP Traffic Flow Security
2023-01
Proposed Standard RFC
Roman Danyliw
Tero Kivinen
29 pages
RFC 9370 (was draft-ietf-ipsecme-ikev2-multiple-ke)
Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)
2023-05
Proposed Standard RFC
1 Roman Danyliw
Tero Kivinen
7 pages
RFC 9395 (was draft-ietf-ipsecme-ikev1-algo-to-historic)
Deprecation of the Internet Key Exchange Version 1 (IKEv1) Protocol and Obsoleted Algorithms
2023-04
Proposed Standard RFC
Roman Danyliw
Tero Kivinen
Related Internet-Drafts (53 hits)
6 pages
draft-acharya-ipsecme-esp-ecmp-00
UDP encapsulated ESP for ECMP
2023-04-21
I-D Exists

5 pages 2023-07-25
I-D Exists

27 pages
draft-mglt-ipsecme-diet-esp-10
ESP Header Compression Profile
2023-06-29
I-D Exists

8 pages
draft-mglt-ipsecme-ikev2-diet-esp-extension-03
Internet Key Exchange version 2 (IKEv2) extension for the ESP Header Compression (EHC)
2023-06-28
I-D Exists

8 pages
draft-mglt-ipsecme-ts-dscp-03
Traffic Selector for Internet Key Exchange version 2 to add support Differentiated Services Field Codepoints (DSCP)
2023-07-26
I-D Exists

18 pages
draft-mrossberg-ipsecme-multiple-sequence-counters-01
Broadening the Scope of Encapsulating Security Payload (ESP) Protocol
2023-08-15
I-D Exists

6 pages
draft-nir-ipsecme-big-payload-02
A Larger Internet Key Exchange version 2 (IKEv2) Payload
2023-07-23
I-D Exists

13 pages
draft-ponchon-ipsecme-anti-replay-subspaces-02
IPsec and IKE anti-replay sequence number subspaces for traffic-engineered paths and multi-core processing
2023-07-10
I-D Exists
3
10 pages
draft-smyslov-ipsecme-ikev2-cookie-revised-05
Revised Cookie Processing in the IKEv2 Protocol
2023-04-14
Expires soon
I-D Exists
9 pages
draft-smyslov-ipsecme-ikev2-qr-alt-08
Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
2023-06-19
I-D Exists

6 pages
draft-smyslov-ipsecme-ikev2-reliable-transport-00
Use of Reliable Transport in the Internet Key Exchange Protocol Version 2 (IKEv2)
2023-07-07
I-D Exists

8 pages
draft-xu-ipsecme-esp-in-udp-lb-11
Encapsulating IPsec ESP in UDP for Load-balancing
2023-09-14
I-D Exists

29 pages
draft-xu-ipsecme-risav-02
An RPKI and IPsec-based AS-to-AS Approach for Source Address Validation
2023-07-04
I-D Exists

11 pages
RFC 2104 (was draft-ietf-ipsec-hmac-md5)
HMAC: Keyed-Hashing for Message Authentication Errata
1997-02
Informational RFC
Updated by RFC 6151

7 pages
RFC 2403 (was draft-ietf-ipsec-auth-hmac-md5-96)
The Use of HMAC-MD5-96 within ESP and AH
1998-11
Proposed Standard RFC

7 pages
RFC 2404 (was draft-ietf-ipsec-auth-hmac-sha196)
The Use of HMAC-SHA-1-96 within ESP and AH
1998-11
Proposed Standard RFC

10 pages
RFC 2405 (was draft-ietf-ipsec-ciph-des-expiv)
The ESP DES-CBC Cipher Algorithm With Explicit IV
1998-11
Proposed Standard RFC

6 pages
RFC 2410 (was draft-ietf-ipsec-ciph-null)
The NULL Encryption Algorithm and Its Use With IPsec Errata
1998-11
Proposed Standard RFC

14 pages
RFC 2451 (was draft-ietf-ipsec-ciph-cbc)
The ESP CBC-Mode Cipher Algorithms
1998-11
Proposed Standard RFC

10 pages
RFC 3526 (was draft-ietf-ipsec-ike-modp-groups)
More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
2003-05
Proposed Standard RFC
1 Jeffrey I. Schiller
11 pages
RFC 3566 (was draft-ietf-ipsec-ciph-aes-xcbc-mac)
The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
2003-09
Proposed Standard RFC
Russ Housley
15 pages
RFC 3602 (was draft-ietf-ipsec-ciph-aes-cbc)
The AES-CBC Cipher Algorithm and Its Use with IPsec
2003-09
Proposed Standard RFC
Russ Housley
19 pages
RFC 3686 (was draft-ietf-ipsec-ciph-aes-ctr)
Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
2004-01
Proposed Standard RFC
Steven M. Bellovin
15 pages
RFC 3948 (was draft-ietf-ipsec-udp-encaps)
UDP Encapsulation of IPsec ESP Packets Errata
2005-01
Proposed Standard RFC
3 Russ Housley
11 pages
RFC 4106 (was draft-ietf-ipsec-ciph-aes-gcm)
The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) Errata
2005-06
Proposed Standard RFC
Russ Housley
101 pages
RFC 4301 (was draft-ietf-ipsec-rfc2401bis)
Security Architecture for the Internet Protocol Errata
2005-12
Proposed Standard RFC
Updated by RFC 6040, RFC 7619
1 Russ Housley
34 pages
RFC 4302 (was draft-ietf-ipsec-rfc2402bis)
IP Authentication Header Errata
2005-12
Proposed Standard RFC
Russ Housley
44 pages
RFC 4303 (was draft-ietf-ipsec-esp-v3)
IP Encapsulating Security Payload (ESP) Errata
2005-12
Proposed Standard RFC
Russ Housley
7 pages
RFC 4308 (was draft-ietf-ipsec-ui-suites)
Cryptographic Suites for IPsec Errata
2005-12
Proposed Standard RFC
Russ Housley
13 pages
RFC 4309 (was draft-ietf-ipsec-ciph-aes-ccm)
Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) Errata
2005-12
Proposed Standard RFC
Steven M. Bellovin
6 pages
RFC 4434 (was draft-hoffman-rfc3664bis)
The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
2006-02
Proposed Standard RFC
Russ Housley
5 pages
RFC 4478 (was draft-nir-ikev2-auth-lt)
Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
2006-04
Experimental RFC
Russ Housley
8 pages
RFC 4494 (was draft-songlee-aes-cmac-96)
The AES-CMAC-96 Algorithm and Its Use with IPsec
2006-06
Proposed Standard RFC
Russ Housley
14 pages
RFC 4543 (was draft-mcgrew-aes-gmac-esp)
The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH Errata
2006-05
Proposed Standard RFC
Russ Housley
33 pages
RFC 4555 (was draft-ietf-mobike-protocol)
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
2006-06
Proposed Standard RFC
3 Russ Housley
7 pages
RFC 4615 (was draft-songlee-aes-cmac-prf-128)
The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)
2006-08
Proposed Standard RFC
Russ Housley
11 pages
RFC 4739 (was draft-eronen-ipsec-ikev2-multiple-auth)
Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
2006-11
Experimental RFC
Russ Housley
15 pages
RFC 4754 (was draft-ietf-ipsec-ike-auth-ecdsa)
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) Errata
2007-01
Proposed Standard RFC
6 Russ Housley
11 pages
RFC 4806 (was draft-myers-ikev2-ocsp)
Online Certificate Status Protocol (OCSP) Extensions to IKEv2
2007-02
Proposed Standard RFC
Russ Housley
21 pages
RFC 4868 (was draft-kelly-ipsec-ciph-sha2)
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec Errata
2007-05
Proposed Standard RFC
Russ Housley
23 pages
RFC 5114 (was draft-lepinski-dh-groups)
Additional Diffie-Hellman Groups for Use with IETF Standards
2008-01
Informational RFC
Tim Polk
19 pages
RFC 5282 (was draft-black-ipsec-ikev2-aead-modes)
Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol Errata
2008-08
Proposed Standard RFC
Tim Polk
7 pages
RFC 5529 (was draft-kato-ipsec-camellia-modes)
Modes of Operation for Camellia for Use with IPsec
2009-04
Proposed Standard RFC
Tim Polk
13 pages
RFC 5857 (was draft-ietf-rohc-ikev2-extensions-hcoipsec)
IKEv2 Extensions to Support Robust Header Compression over IPsec Errata
2010-05
Proposed Standard RFC
Magnus Westerlund
16 pages
RFC 5903 (was draft-solinas-rfc4753bis)
Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 Errata
2010-06
Informational RFC
3 Tim Polk
7 pages
RFC 6023 (was draft-nir-ipsecme-childless)
A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
2010-10
Experimental RFC
Sean Turner
10 pages
RFC 6467 (was draft-kivinen-ipsecme-secure-password-framework)
Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
2011-12
Informational RFC
Sean Turner
24 pages
RFC 6617 (was draft-harkins-ipsecme-spsk-auth)
Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
2012-06
Experimental RFC
Sean Turner
20 pages
RFC 6628 (was draft-shin-augmented-pake)
Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
2012-06
Experimental RFC
5 Sean Turner
26 pages
RFC 6631 (was draft-kuegler-ipsecme-pace-ikev2)
Password Authenticated Connection Establishment with the Internet Key Exchange Protocol version 2 (IKEv2)
2012-06
Experimental RFC
Sean Turner
9 pages
RFC 6867 (was draft-nir-ipsecme-erx)
An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
2013-01
Experimental RFC
Sean Turner
14 pages
RFC 7791 (was draft-mglt-ipsecme-clone-ike-sa)
Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)
2016-03
Proposed Standard RFC
Kathleen Moriarty
Tero Kivinen
22 pages
RFC 9227 (was draft-smyslov-esp-gost)
Using GOST Ciphers in the Encapsulating Security Payload (ESP) and Internet Key Exchange Version 2 (IKEv2) Protocols
2022-03
Informational RFC

Eliot Lear