Extended Sequence Number Addendum to IPsec Domain of Interpretation for Internet Security Association and Key Management Protocol
RFC 4304, “Extended Sequence Number Addendum to IPsec Domain of Interpretation for Internet Security Association and Key Management Protocol”, is a Proposed Standard document published in December 2005 by S. Kent. The canonical text is published by the RFC Editor.
Abstract
The IP Security Authentication Header (AH) and Encapsulating Security Payload (ESP) protocols use a sequence number to detect replay. This document describes extensions to the Internet IP Security Domain of Interpretation (DOI) for the Internet Security Association and Key Management Protocol (ISAKMP). These extensions support negotiation of the use of traditional 32-bit sequence numbers or extended (64-bit) sequence numbers (ESNs) for a particular AH or ESP security association. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4304 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 4303 IP Encapsulating Security Payload
- RFC 4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload and Authentication Header
- RFC 4302 IP Authentication Header
- RFC 4306 Internet Key Exchange Protocol
- RFC 4301 Security Architecture for the Internet Protocol
- RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2
- RFC 4308 Cryptographic Suites for IPsec
- RFC 4309 Using Advanced Encryption Standard CCM Mode with IPsec Encapsulating Security Payload