Cryptographic Algorithms for Use in the Internet Key Exchange Version 2
RFC 4307, “Cryptographic Algorithms for Use in the Internet Key Exchange Version 2”, is a Proposed Standard document published in December 2005 by J. Schiller. It has been obsoleted by RFC 8247 — refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
The IPsec series of protocols makes use of various cryptographic algorithms in order to provide security services. The Internet Key Exchange (IKE (RFC 2409) and IKEv2) provide a mechanism to negotiate which algorithms should be used in any given association. However, to ensure interoperability between disparate implementations, it is necessary to specify a set of mandatory-to-implement algorithms to ensure that there is at least one algorithm that all implementations will have available. This document defines the current set of algorithms that are mandatory to implement as part of IKEv2, as well as algorithms that should be implemented because they may be promoted to mandatory at some future time. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4307 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 4306 Internet Key Exchange Protocol
- RFC 4308 Cryptographic Suites for IPsec
- RFC 4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload and Authentication Header
- RFC 4309 Using Advanced Encryption Standard CCM Mode with IPsec Encapsulating Security Payload
- RFC 4304 Extended Sequence Number Addendum to IPsec Domain of Interpretation for Internet Security Association and Key Management Protocol
- RFC 4310 Domain Name System Security Extensions Mapping for the Extensible Provisioning Protocol
- RFC 4303 IP Encapsulating Security Payload
- RFC 4311 IPv6 Host-to-Router Load Sharing