Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload and Authentication Header
RFC 7321, “Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload and Authentication Header”, is a Proposed Standard document published in August 2014 by D. McGrew and P. Hoffman. It obsoletes RFC 4835. It has been obsoleted by RFC 8221; refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.
Abstract
This document updates the Cryptographic Algorithm Implementation Requirements for the Encapsulating Security Payload (ESP) and Authentication Header (AH). It also adds usage guidance to help in the selection of these algorithms.
ESP and AH protocols make use of various cryptographic algorithms to provide confidentiality and/or data origin authentication to protected data communications in the IP Security (IPsec) architecture. To ensure interoperability between disparate implementations, the IPsec standard specifies a set of mandatory-to-implement algorithms. This document specifies the current set of mandatory-to-implement algorithms for ESP and AH, specifies algorithms that should be implemented because they may be promoted to mandatory at some future time, and also recommends against the implementation of some obsolete algorithms. Usage guidance is also provided to help the user of ESP and AH best achieve their security goals through appropriate choices of cryptographic algorithms.
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 7321 is hosted at rfc-editor.org. Available in TXT and HTML.