RFC, Internet Draft

IPsec and IKE Roadmap

RFC 6071: IPsec and IKE Document Roadmap

IKEv1

Core Standards
RFC 2407: IPsec Domain of Interpretation for ISAKMP (IPsec DoI)
RFC 2408: Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409: Internet Key Exchange (IKE)
IANA-ISAKMP: ISAKMP Registry
IANA-IKE/IPSEC: IKE/IPsec Registry

Extensions
RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
RFC 3947: Negotiation of NAT-Traversal in the IKE
draft-dukes-ike-mode-cfg: The ISAKMP Configuration Method
draft-ietf-ipsec-isakmp-xauth: Extended Authentication within ISAKMP/Oakley (XAUTH)
draft-jenkins-ipsec-rekeying: IPsec Re-keying Issues
draft-ietf-ipsec-isakmp-hybrid-auth: A Hybrid Authentication Mode for IKE

IKEv2

Core Standards
RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7815: Minimal Internet Key Exchange Version 2 (IKEv2) Initiator Implementation
RFC 8247: Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
IANA-IKEv2: IKEv2 Parameters

Extensions
RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
RFC 4555: IKEv2 Mobility and Multihoming Protocol (MOBIKE)
RFC 4595: Use of IKEv2 in the Fibre Channel Security Association Management Protocol
RFC 6515: The AES-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for IKE
RFC 4621: Design of the IKEv2 Mobility and Multihoming (MOBIKE) Protocol
RFC 4739: Multiple Authentication Exchanges in the IKEv2 Protocol
RFC 4754: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
RFC 4806: Online Certificate Status Protocol (OCSP) Extensions to IKEv2
RFC 5026: Mobile IPv6 Bootstrapping in Split Scenario
RFC 5282: Using Authenticated Encryption Algorithms with the Encrypted Payload of the IKEv2 Protocol
RFC 5685: Redirect Mechanism for IKEv2
RFC 5857: IKEv2 Extensions to Support Robust Header Compression over IPsec
RFC 5723: Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
RFC 5739: IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 5903: ECP Groups for IKE and IKEv2
RFC 5930: Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
RFC 5998: An Extension for EAP-only Authentication in IKEv2
RFC 6023: A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
RFC 6027: IPsec Cluster Problem Statement
RFC 6290: A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
RFC 6311: Protocol Support for High Availability of IKEv2/IPsec
RFC 6467: Secure Password Framework for IKEv2
RFC 6617: Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
RFC 6628: Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
RFC 6631: Password Authenticated Connection Establishment with IKEv2
RFC 6867: An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
RFC 6932: Brainpool Elliptic Curves for the IKE Group Description Registry
RFC 6954: Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 6989: Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
RFC 7427: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
RFC 7619: The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7634: ChaCha20, Poly1305, and Their Use in the IKE Protocol and IPsec
RFC 7651: 3GPP IP Multimedia Subsystems (IMS) Option for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7670: Generic Raw Public-Key Support for IKEv2
RFC 8019: Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
RFC 8031: Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement
RFC 8420: Using the Edwards-curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange (IKEv2)
RFC 8229: TCP Encapsulation of IKE and IPsec Packets
RFC 8598: Split DNS Configuration for the Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 8784: Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security
RFC 8983: Internet Key Exchange Protocol Version 2 (IKEv2) Notification Status Types for IPv4/IPv6 Coexistence
draft-brunner-ikev2-mediation: IKEv2 Mediation Extension
draft-laganier-ike-ipv6-cga: Using IKE with IPv6 Cryptographically Generated Addresses

IPsec

Core Standards
RFC 4301: Security Architecture for the Internet Protocol
RFC 4302: IP Authentication Header (AH)
RFC 4303: IP Encapsulating Security Payload (ESP)
RFC 4308: Cryptographic Suites for IPsec
RFC 8221: Cryptographic Algorithm Implementation Requirements and Usage Guidance for ESP and AH

Extensions
RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
RFC 2451: The ESP CBC-Mode Cipher Algorithms
RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948: UDP Encapsulation of IPsec ESP Packets
RFC 3686: Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec ESP
RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec DOI for ISAKMP
RFC 4309: Using Advanced Encryption Standard (AES) CCM Mode with IPsec ESP
RFC 4494: The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
RFC 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC 5114: Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5529: Modes of Operation for Camellia for Use with IPsec
RFC 5660: IPsec Channels: Connection Latching
RFC 5879: Heuristics for Detecting ESP-NULL Packets
RFC 5840: Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
RFC 6379: Suite B Cryptographic Suites for IPsec
RFC 6380: Suite B Profile for Internet Protocol Security (IPsec)
RFC 6479: IPsec Anti-Replay Algorithm without Bit Shifting
RFC 7018: Auto-Discovery VPN Problem Statement and Requirements
RFC 8229: TCP Encapsulation of IKE and IPsec Packets
RFC 8750: Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)

Multicast IPsec

RFC 4046: Multicast Security (MSEC) Group Key Management Architecture
RFC 4535: GSAKMP: Group Secure Association Key Management Protocol
RFC 5374: Multicast Extensions to the Security Architecture for the Internet Protocol
RFC 6054: Using Counter Modes with Encapsulating Security Payload (ESP) and Authentication Header (AH) to Protect Group Traffic
RFC 6407: The Group Domain of Interpretation (GDOI)
draft-ietf-msec-gkdp: GKDP: Group Key Distribution Protocol

Mobile IPv6

RFC 4877: Mobile IPv6 Operation with IKEv2 and the Revised IPsec Architecture

PKI

RFC 3779: X.509 Extensions for IP Addresses and AS Identifiers
RFC 4514: LDAP: String Representation of Distinguished Names
RFC 4518: LDAP Internationalized String Preparation
RFC 4809: Requirements for an IPsec Certificate Management Profile
RFC 4945: The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
RFC 5280: Internet X.509 Public Key Infrastructure - Certificate and CRL Profile
RFC 5755: An Internet Attribute Certificate Profile for Authorization
RFC 5759: Suite B Certificate and CRL Profile
RFC 6818: Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 6960: X.509 Internet Public Key Infrastructure Online Certificate Status Protocol OCSP
RFC 7468: Textual Encodings of PKIX, PKCS, and CMS Structures
RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
RFC 8410: Algorithm Identifiers for EdDSA, Ed25519, Ed448, Curve25519 and Curve448 for X.509
RFC 8894: Simple Certificate Enrollment Protocol (SCEP)

EAP

RFC 3748: Extensible Authentication Protocol (EAP)
RFC 4186: EAP Method for GSM Subscriber Identity Modules (EAP-SIM)
RFC 4187: EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
RFC 5216: The EAP-TLS Authentication Protocol
RFC 5281: The EAP-TTLS Authentication Protocol Version 0
RFC 5448: Improved EAP Method for 3rd Generation Authentication and Key Agreement (EAP-AKA')
RFC 7170: Tunnel EAP Method (TEAP) Version 1
IANA EAP: EAP Method Types
IANA EAP-AKA/SIM: EAP-AKA and EAP-SIM Parameters

RADIUS

RFC 2865: Remote Authentication Dial In User Service (RADIUS)
RFC 2869: RADIUS Extensions
RFC 3579: RADIUS for EAP

DNS

RFC 4025: A Method for Storing IPsec Keying Material in DNS

NEA

RFC 5209: Network Endpoint Assessment (NEA): Overview and Requirements
RFC 5792: PA-TNC: A Posture Attribute (PA) Protocol Compatible with TNC
RFC 5793: PB-TNC: A Posture Broker (PB) Protocol Compatible with TNC
RFC 6876: PT-TLS: Posture Transport Protocol over TLS
RFC 7171: PT-EAP: Posture Transport Protocol For EAP Tunnel Methods
RFC 8412: Software Inventory Message and Attributes (SWIMA) for PA-TNC