The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
RFC 4945, “The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX”, is a Proposed Standard document published in August 2007 by B. Korver. The canonical text is published by the RFC Editor.
Abstract
The Internet Key Exchange (IKE) and Public Key Infrastructure for X.509 (PKIX) certificate profile both provide frameworks that must be profiled for use in a given application. This document provides a profile of IKE and PKIX that defines the requirements for using PKI technology in the context of IKE/IPsec. The document complements protocol specifications such as IKEv1 and IKEv2, which assume the existence of public key certificates and related keying materials, but which do not address PKI issues explicitly. This document addresses those issues. The intended audience is implementers of PKI for IPsec. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4945 is hosted at rfc-editor.org. Available in TXT,HTML.
- RFC 4944 Transmission of IPv6 Packets over IEEE 802.15.4 Networks
- RFC 4946 Atom License Extension
- RFC 4943 IPv6 Neighbor Discovery On-Link Assumption Considered Harmful
- RFC 4947 Address Resolution Mechanisms for IP Datagrams over MPEG-2 Networks
- RFC 4942 IPv6 Transition/Co-existence Security Considerations
- RFC 4948 Report from the IAB workshop on Unwanted Traffic March 9-10, 2006
- RFC 4941 Privacy Extensions for Stateless Address Autoconfiguration in IPv6
- RFC 4949 Internet Security Glossary, Version 2