RFC 2407 (rfc2407) - Page 1 of 32


The Internet IP Security Domain of Interpretation for ISAKMP



Alternative Format: Original Text Document



Network Working Group                                           D. Piper
Request for Comments: 2407                               Network Alchemy
Category: Standards Track                                  November 1998


      The Internet IP Security Domain of Interpretation for ISAKMP

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

IESG Note

   Section 4.4.4.2 states, "All implememtations within the IPSEC DOI
   MUST support ESP_DES...".  Recent work in the area of cryptanalysis
   suggests that DES may not be sufficiently strong for many
   applications.  Therefore, it is very likely that the IETF will
   deprecate the use of ESP_DES as a mandatory cipher suite in the near
   future.  It will remain as an optional use protocol.  Although the
   IPsec working group and the IETF in general have not settled on an
   alternative algorithm (taking into account concerns of security and
   performance), implementers may want to heed the recommendations of
   section 4.4.4.3 on the use of ESP_3DES.

1. Abstract

   The Internet Security Association and Key Management Protocol
   (ISAKMP) defines a framework for security association management and
   cryptographic key establishment for the Internet.  This framework
   consists of defined exchanges, payloads, and processing guidelines
   that occur within a given Domain of Interpretation (DOI).  This
   document defines the Internet IP Security DOI (IPSEC DOI), which
   instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate
   security associations.

   For a list of changes since the previous version of the IPSEC DOI,
   please see Section 7.






Piper                       Standards Track