RFC 1827 (rfc1827) - Page 3 of 12
IP Encapsulating Security Payload (ESP)
Alternative Format: Original Text Document
RFC 1827 Encapsulating Security Payload August 1995
1.2 Requirements Terminology
In this document, the words that are used to define the significance
of each particular requirement are usually capitalised. These words
are:
- MUST
This word or the adjective "REQUIRED" means that the item is an
absolute requirement of the specification.
- SHOULD
This word or the adjective "RECOMMENDED" means that there might
exist valid reasons in particular circumstances to ignore this
item, but the full implications should be understood and the case
carefully weighed before taking a different course.
- MAY
This word or the adjective "OPTIONAL" means that this item is
truly optional. One vendor might choose to include the item
because a particular marketplace requires it or because it
enhances the product, for example; another vendor may omit the
same item.
2. KEY MANAGEMENT
Key management is an important part of the IP security architecture.
However, a specific key management protocol is not included in this
specification because of a long history in the public literature of
subtle flaws in key management algorithms and protocols. IP tries to
decouple the key management mechanisms from the security protocol
mechanisms. The only coupling between the key management protocol
and the security protocol is with the Security Parameter Index (SPI),
which is described in more detail below. This decoupling permits
several different key management mechanisms to be used. More
importantly, it permits the key management protocol to be changed or
corrected without unduly impacting the security protocol
implementations. Thus, a key management protocol for IP is not
specified within this memo. The IP Security Architecture describes
key management in more detail and specifies the key management
requirements for IP. Those key management requirements are
incorporated here by reference [Atk95a].
The key management mechanism is used to negotiate a number of
parameters for each security association, including not only the keys
but other information (e.g., the cryptographic algorithms and modes,
Atkinson Standards Track