RFC 2407 (rfc2407) - Page 1 of 32
The Internet IP Security Domain of Interpretation for ISAKMP
Alternative Format: Original Text Document
Network Working Group D. Piper
Request for Comments: 2407 Network Alchemy
Category: Standards Track November 1998
The Internet IP Security Domain of Interpretation for ISAKMP
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
IESG Note
Section 4.4.4.2 states, "All implememtations within the IPSEC DOI
MUST support ESP_DES...". Recent work in the area of cryptanalysis
suggests that DES may not be sufficiently strong for many
applications. Therefore, it is very likely that the IETF will
deprecate the use of ESP_DES as a mandatory cipher suite in the near
future. It will remain as an optional use protocol. Although the
IPsec working group and the IETF in general have not settled on an
alternative algorithm (taking into account concerns of security and
performance), implementers may want to heed the recommendations of
section 4.4.4.3 on the use of ESP_3DES.
1. Abstract
The Internet Security Association and Key Management Protocol
(ISAKMP) defines a framework for security association management and
cryptographic key establishment for the Internet. This framework
consists of defined exchanges, payloads, and processing guidelines
that occur within a given Domain of Interpretation (DOI). This
document defines the Internet IP Security DOI (IPSEC DOI), which
instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate
security associations.
For a list of changes since the previous version of the IPSEC DOI,
please see Section 7.
Piper Standards Track