Cryptographic Suites for IPsec
RFC 4308, “Cryptographic Suites for IPsec”, is a Proposed Standard document published in December 2005 by P. Hoffman. The canonical text is published by the RFC Editor.
Abstract
The IPsec, Internet Key Exchange (IKE), and IKEv2 protocols rely on security algorithms to provide privacy and authentication between the initiator and responder. There are many such algorithms available, and two IPsec systems cannot interoperate unless they are using the same algorithms. This document specifies optional suites of algorithms and attributes that can be used to simplify the administration of IPsec when used in manual keying mode, with IKEv1 or with IKEv2. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4308 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 4307 Cryptographic Algorithms for Use in the Internet Key Exchange Version 2
- RFC 4309 Using Advanced Encryption Standard CCM Mode with IPsec Encapsulating Security Payload
- RFC 4306 Internet Key Exchange Protocol
- RFC 4310 Domain Name System Security Extensions Mapping for the Extensible Provisioning Protocol
- RFC 4305 Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload and Authentication Header
- RFC 4311 IPv6 Host-to-Router Load Sharing
- RFC 4304 Extended Sequence Number Addendum to IPsec Domain of Interpretation for Internet Security Association and Key Management Protocol
- RFC 4312 The Camellia Cipher Algorithm and Its Use With IPsec