RFC 1827 (rfc1827) - Page 3 of 12

IP Encapsulating Security Payload (ESP)

Alternative Format: Original Text Document
< Previous
Next >
RFC 1827             Encapsulating Security Payload          August 1995


1.2 Requirements Terminology

   In this document, the words that are used to define the significance
   of each particular requirement are usually capitalised.  These words
   are:

   - MUST

      This word or the adjective "REQUIRED" means that the item is an
      absolute requirement of the specification.

   - SHOULD

      This word or the adjective "RECOMMENDED" means that there might
      exist valid reasons in particular circumstances to ignore this
      item, but the full implications should be understood and the case
      carefully weighed before taking a different course.

   - MAY

      This word or the adjective "OPTIONAL" means that this item is
      truly optional.  One vendor might choose to include the item
      because a particular marketplace requires it or because it
      enhances the product, for example; another vendor may omit the
      same item.

2. KEY MANAGEMENT

   Key management is an important part of the IP security architecture.
   However, a specific key management protocol is not included in this
   specification because of a long history in the public literature of
   subtle flaws in key management algorithms and protocols.  IP tries to
   decouple the key management mechanisms from the security protocol
   mechanisms.  The only coupling between the key management protocol
   and the security protocol is with the Security Parameter Index (SPI),
   which is described in more detail below.  This decoupling permits
   several different key management mechanisms to be used.  More
   importantly, it permits the key management protocol to be changed or
   corrected without unduly impacting the security protocol
   implementations. Thus, a key management protocol for IP is not
   specified within this memo.  The IP Security Architecture describes
   key management in more detail and specifies the key management
   requirements for IP.  Those key management requirements are
   incorporated here by reference [Atk95a].

   The key management mechanism is used to negotiate a number of
   parameters for each security association, including not only the keys
   but other information (e.g., the cryptographic algorithms and modes,



Atkinson                    Standards Track
< Previous
Next >