Uploaded by juancabal92

Bibliography IPsec by Strongswan

Status RFC, Internet Draft
IPsec and IKE Roadmap
RFC 6071: IPsec and IKE Document Roadmap
1 IKEv1
Core Standards
RFC 2407: IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409: Internet Key Exchange (IKE)
IANA-ISAKMP: ISAKMP Registry
IANA-IKE/IPSEC: IKE/IPsec Registry
Extensions
RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key
Exchange (IKE)
RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
RFC 3947: Negotiation of NAT-Traversal in the IKE
draft-dukes-ike-mode-cfg: The ISAKMP Configuration Method
draft-ietf-ipsec-isakmp-xauth: Extended Authentication within ISAKMP/Oakley (XAUTH)
draft-jenkins-ipsec-rekeying: IPsec Re-keying Issues
draft-ietf-ipsec-isakmp-hybrid-auth: A Hybrid Authentication Mode for IKE
2 IKEv2
Core Standards
RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7815: Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation
RFC 8247: Algorithm Implementation Requirements and Usage Guidance for the Internet
Key Exchange Protocol Version 2 (IKEv2)
IANA-IKEv2: IKEv2 Parameters
Extensions
RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
x RFC 4595: Use of IKEv2 in the Fibre Channel Security Association Management Protocol
RFC 6515: The AES-Cipher-based Message Authentication Code-Pseudo-Random
Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
RFC 4739: Multiple Authentication Exchanges in the IKEv2 Protocol
RFC 4754: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature
Algorithm (ECDSA)
x RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
x RFC 5026: Mobile IPv6 Bootstrapping in Split Scenario
RFC 5282: Using Authenticated Encryption Algorithms with the Encrypted Payload of the
IKEv2 Protocol
RFC 5685: Redirect Mechanism for IKEv2
RFC 5857: IKEv2 Extensions to Support Robust Header Compression over IPsec
RFC 5723: Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
RFC 5739: IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 5903: ECP Groups for IKE and IKEv2
RFC 5930: Using Advanced Encryption Standard Counter Mode (AES-CTR) with the
Internet Key Exchange version 02 (IKEv2) Protocol
RFC 5998: An Extension for EAP-only Authentication in IKEv2
RFC 6023: A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security
Association (SA)
RFC 6027: IPsec Cluster Problem Statement
RFC 6290: A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
RFC 6311: Protocol Support for High Availability of IKEv2/IPsec
RFC 6467: Secure Password Framework for IKEv2
RFC 6617: Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange
Protocol (IKE)
RFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for
IKEv2
RFC 6631: Password Authenticated Connection Establishment with IKEv2
RFC 6867: An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support
EAP Re-authentication Protocol (ERP)
RFC 6932: Brainpool Elliptic Curves for the IKE Group Description Registry
RFC 6954: Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet
Key Exchange Protocol Version 2 (IKEv2)
RFC 6989: Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol
Version 2 (IKEv2)
RFC 7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
RFC 7427: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
RFC 7619: The NULL Authentication Method in the Internet Key Exchange Protocol
Version 2 (IKEv2)
RFC 7634: ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
RFC 7651: 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange
Protocol Version 2 (IKEv2)
RFC 7670: Generic Raw Public-Key Support for IKEv2
RFC 8019: Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations
from Distributed Denial-of-Service Attacks
RFC 8031: Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2
(IKEv2) Key Agreement
RFC 8420: Using the Edwards-curve Digital Signature Algorithm (EdDSA) in the Internet
Key Exchange (IKEv2)
RFC 8229: TCP Encapsulation of IKE and IPsec Packets
RFC 8598: Split DNS Configuration for the Internet Key Exchange Protocol Version 2
(IKEv2)
RFC 8784: Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2
(IKEv2) for Post-quantum Security
RFC 8983: Internet Key Exchange Protocol Version 2 (IKEv2) Notification Status Types
for IPv4/IPv6 Coexistence
draft-brunner-ikev2-mediation: IKEv2 Mediation Extension
draft-laganier-ike-ipv6-cga: Using IKE with IPv6 Cryptographically Generated Addresses
3 IPsec
Core Standards
RFC 4301: Security Architecture for the Internet Protocol
RFC 4302: IP Authentication Header (AH)
RFC 4303: IP Encapsulating Security Payload (ESP)
RFC 4308: Cryptographic Suites for IPsec
RFC 8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance
for ESP and AH
Extensions
RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
RFC 2451: The ESP CBC-Mode Cipher Algorithms
RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948: UDP Encapsulation of IPsec ESP Packets
RFC 3686: Using Advanced Encryption Standard (AES) Counter Mode With IPsec
Encapsulating Security Payload (ESP)
RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec ESP
RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
x RFC 4494: The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and
AH
RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC 5114: Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5529: Modes of Operation for Camellia for Use with IPsec
x RFC 5660: IPsec Channels: Connection Latching
RFC 5879: Heuristics for Detecting ESP-NULL Packets
x RFC 5840: Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
RFC 6379: Suite B Cryptographic Suites for IPsec
RFC 6380: Suite B Profile for Internet Protocol Security (IPsec)
RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting
x RFC 7018: Auto-Discovery VPN Problem Statement and Requirements
x RFC 8229: TCP Encapsulation of IKE and IPsec Packets
x RFC 8750: Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating
Security Payload (ESP)
4 Multicast IPsec
RFC 4046: Multicast Security (MSEC) Group Key Management Architecture
RFC 4535: GSAKMP: Group Secure Association Key Management Protocol
RFC 5374: Multicast Extensions to the Security Architecture for the Internet Protocol
RFC 6054: Using Counter Modes with Encapsulating Security Payload (ESP) and
Authentication Header (AH) to Protect Group Traffic
RFC 6407: The Group Domain of Interpretation (GDOI)
draft-ietf-msec-gkdp: GKDP: Group Key Distribution Protocol
5 Mobile IPv6
RFC 4877: Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture
6 PKI
RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers
RFC 4514: LDAP: String Representation of Distinguished Names
RFC 4518: LDAP Internationalized String Preparation
RFC 4809: Requirements for an IPsec Certificate Management Profile
RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
RFC 5280: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile
RFC 5755: An Internet Attribute Certificate Profile for Authorization
RFC 5759: Suite B Certificate and CRL Profile
RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
RFC 7468: Textual Encodings of PKIX, PKCS, and CMS Structures
RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
RFC 8410: Algorithm Identifiers for EdDSA, Ed25519, Ed448, Curve25519 and Curve448
for X.509
RFC 8894: Simple Certificate Enrollment Protocol (SCEP)
7 EAP
RFC 3748: Extensible Authentication Protocol (EAP)
RFC 4186: EAP Method for GSM Subscriber Identity Modules (EAP-SIM)
RFC 4187: EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
RFC 5216: The EAP-TLS Authentication Protocol
RFC 5281: The EAP-TTLS Authentication Protocol Version 0
RFC 5448: Improved EAP Method for 3rd Generation Authentication and Key Agreement
(EAP-AKA')
RFC 7170: Tunnel EAP Method (TEAP) Version 1
IANA EAP: EAP Method Types
IANA EAP-AKA/SIM: EAP-AKA and EAP-SIM Parameters
8 RADIUS
RFC 2865: Remote Authentication Dial In User Service (RADIUS)
RFC 2869: RADIUS Extensions
RFC 3579: RADIUS for EAP
9 DNS
RFC 4025: A Method for Storing IPsec Keying Material in DNS
10 NEA
RFC 5209: Network Endpoint Assessment (NEA): Overview and Requirements
RFC 5792: PA-TNC: A Posture Attribute (PA) Protocol Compatible with TNC
RFC 5793: PB-TNC: A Posture Broker (PB) Protocol Compatible with TNC
RFC 6876: PT-TLS: Posture Transport Protocol over TLS
RFC 7171: PT-EAP: Posture Transport Protocol For EAP Tunnel Methods
RFC 8412: Software Inventory Message and Attributes (SWIMA) for PA-TNC