summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc4109.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/rfc/rfc4109.txt')
-rw-r--r--doc/rfc/rfc4109.txt283
1 files changed, 283 insertions, 0 deletions
diff --git a/doc/rfc/rfc4109.txt b/doc/rfc/rfc4109.txt
new file mode 100644
index 0000000..6a6cd07
--- /dev/null
+++ b/doc/rfc/rfc4109.txt
@@ -0,0 +1,283 @@
+
+
+
+
+
+
+Network Working Group P. Hoffman
+Request for Comments: 4109 VPN Consortium
+Updates: 2409 May 2005
+Category: Standards Track
+
+
+ Algorithms for Internet Key Exchange version 1 (IKEv1)
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Copyright Notice
+
+ Copyright (C) The Internet Society (2005).
+
+Abstract
+
+ The required and suggested algorithms in the original Internet Key
+ Exchange version 1 (IKEv1) specification do not reflect the current
+ reality of the IPsec market requirements. The original specification
+ allows weak security and suggests algorithms that are thinly
+ implemented. This document updates RFC 2409, the original
+ specification, and is intended for all IKEv1 implementations deployed
+ today.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Hoffman Standards Track [Page 1]
+
+RFC 4109 Algorithms for IKEv1 May 2005
+
+
+1. Introduction
+
+ The original IKEv1 definition, [RFC2409], has a set of MUST-level and
+ SHOULD-level requirements that do not match the needs of IPsec users.
+ This document updates RFC 2409 by changing the algorithm requirements
+ defined there.
+
+ The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD,
+ SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL, when they appear in this
+ document, are to be interpreted as described in [RFC2119].
+
+2. Old Algorithm Requirements
+
+ RFC 2409 has the following MUST-level and SHOULD-level requirements:
+
+ o DES for encryption MUST be supported.
+ o MD5 and SHA-1 for hashing and HMAC functions MUST be supported.
+ o Pre-shared secrets for authentication MUST be supported.
+ o Diffie-Hellman MODP group 1 (discrete log 768 bits) MUST be
+ supported.
+ o TripleDES for encryption SHOULD be supported.
+ o Tiger for hashing SHOULD be supported.
+ o DSA and RSA for authentication with signatures SHOULD be
+ supported.
+ o RSA for authentication with encryption SHOULD be supported.
+ o Diffie-Hellman MODP group 2 (discrete log 1024 bits) SHOULD be
+ supported.
+
+ RFC 2409 gives two conflicting requirement levels for Diffie-Hellman
+ MODP groups with elliptic curves. Section 4 of that specification
+ says that "IKE implementations ... MAY support ECP and EC2N groups",
+ but Sections 6.3 and 6.4 say that MODP groups 3 and 4 for EC2N groups
+ SHOULD be supported.
+
+3. New Algorithm Requirements
+
+ The new requirements for IKEv1 are listed here. Note that some of
+ the requirements are the same as those in RFC 2409, whereas others
+ are changed.
+
+ o TripleDES for encryption MUST be supported.
+ o AES-128 in CBC mode [RFC3602] for encryption SHOULD be supported.
+ o SHA-1 for hashing and HMAC functions MUST be supported.
+ o Pre-shared secrets for authentication MUST be supported.
+ o AES-128 in XCBC mode for PRF functions ([RFC3566] and [RFC3664])
+ SHOULD be supported.
+ o Diffie-Hellman MODP group 2 (discrete log 1024 bits) MUST be
+ supported.
+
+
+
+Hoffman Standards Track [Page 2]
+
+RFC 4109 Algorithms for IKEv1 May 2005
+
+
+ o Diffie-Hellman MODP group 14 (discrete log 2048 bits) [RFC3526]
+ SHOULD be supported.
+ o RSA for authentication with signatures SHOULD be supported.
+
+ If additional updates are made to IKEv1 in the future, then it is
+ very likely that implementation of AES-128 in CBC mode for encryption
+ will become mandatory.
+
+ The other algorithms that were listed at MUST-level and SHOULD-level
+ in RFC 2409 are now MAY-level. This includes DES for encryption, MD5
+ and Tiger for hashing, Diffie-Hellman MODP group 1, Diffie-Hellman
+ MODP groups with elliptic curves, DSA for authentication with
+ signatures, and RSA for authentication with encryption.
+
+ DES for encryption, MD5 for hashing, and Diffie-Hellman MODP group 1
+ are dropped to MAY due to cryptographic weakness.
+
+ Tiger for hashing, Diffie-Hellman MODP groups with elliptic curves,
+ DSA for authentication with signatures, and RSA for authentication
+ with encryption are dropped due to lack of any significant deployment
+ and interoperability.
+
+4. Summary
+
+ Algorithm RFC 2409 This document
+ ------------------------------------------------------------------
+ DES for encryption MUST MAY (crypto weakness)
+ TripleDES for encryption SHOULD MUST
+ AES-128 for encryption N/A SHOULD
+ MD5 for hashing and HMAC MUST MAY (crypto weakness)
+ SHA1 for hashing and HMAC MUST MUST
+ Tiger for hashing SHOULD MAY (lack of deployment)
+ AES-XCBC-MAC-96 for PRF N/A SHOULD
+ Pre-shared secrets MUST MUST
+ RSA with signatures SHOULD SHOULD
+ DSA with signatures SHOULD MAY (lack of deployment)
+ RSA with encryption SHOULD MAY (lack of deployment)
+ D-H Group 1 (768) MUST MAY (crypto weakness)
+ D-H Group 2 (1024) SHOULD MUST
+ D-H Group 14 (2048) N/A SHOULD
+ D-H elliptic curves SHOULD MAY (lack of deployment)
+
+5. Security Considerations
+
+ This document is all about security. All the algorithms that are
+ either MUST-level or SHOULD-level in the "new algorithm requirements"
+ section of this document are believed to be robust and secure at the
+ time of this writing.
+
+
+
+Hoffman Standards Track [Page 3]
+
+RFC 4109 Algorithms for IKEv1 May 2005
+
+
+6. Normative References
+
+ [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
+ Requirement Levels", BCP 14, RFC 2119, March 1997.
+
+ [RFC2409] Harkins, D. and D. Carrel, "The Internet Key Exchange
+ (IKE)", RFC 2409, November 1998.
+
+ [RFC3526] Kivinen, T. and M. Kojo, "More Modular Exponential (MODP)
+ Diffie-Hellman groups for Internet Key Exchange (IKE)",
+ RFC 3526, May 2003.
+
+ [RFC3566] Frankel, S. and H. Herbert, "The AES-XCBC-MAC-96 Algorithm
+ and Its Use With IPsec", RFC 3566, September 2003.
+
+ [RFC3602] Frankel, S., Glenn, R., and S. Kelly, "The AES-CBC Cipher
+ Algorithm and Its Use with IPsec", RFC 3602, September
+ 2003.
+
+ [RFC3664] Hoffman, P., "The AES-XCBC-PRF-128 Algorithm for the
+ Internet Key Exchange Protocol (IKE)", RFC 3664, January
+ 2004.
+
+Author's Address
+
+ Paul Hoffman
+ VPN Consortium
+ 127 Segre Place
+ Santa Cruz, CA 95060
+ US
+
+ EMail: paul.hoffman@vpnc.org
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Hoffman Standards Track [Page 4]
+
+RFC 4109 Algorithms for IKEv1 May 2005
+
+
+Full Copyright Statement
+
+ Copyright (C) The Internet Society (2005).
+
+ This document is subject to the rights, licenses and restrictions
+ contained in BCP 78, and except as set forth therein, the authors
+ retain all their rights.
+
+ This document and the information contained herein are provided on an
+ "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
+ OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
+ ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
+ INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
+ INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
+ WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
+
+Intellectual Property
+
+ The IETF takes no position regarding the validity or scope of any
+ Intellectual Property Rights or other rights that might be claimed to
+ pertain to the implementation or use of the technology described in
+ this document or the extent to which any license under such rights
+ might or might not be available; nor does it represent that it has
+ made any independent effort to identify any such rights. Information
+ on the procedures with respect to rights in RFC documents can be
+ found in BCP 78 and BCP 79.
+
+ Copies of IPR disclosures made to the IETF Secretariat and any
+ assurances of licenses to be made available, or the result of an
+ attempt made to obtain a general license or permission for the use of
+ such proprietary rights by implementers or users of this
+ specification can be obtained from the IETF on-line IPR repository at
+ http://www.ietf.org/ipr.
+
+ The IETF invites any interested party to bring to its attention any
+ copyrights, patents or patent applications, or other proprietary
+ rights that may cover technology that may be required to implement
+ this standard. Please address the information to the IETF at ietf-
+ ipr@ietf.org.
+
+Acknowledgement
+
+ Funding for the RFC Editor function is currently provided by the
+ Internet Society.
+
+
+
+
+
+
+
+Hoffman Standards Track [Page 5]
+