Some IPsec references

•  December 20, 2012

Some IPsec ressources I was using while developing ipdecap

RFCs

• rfc 4835:Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)

 Requirement    Encryption Algorithm (notes)
        -----------    --------------------------
        MUST           NULL [RFC2410] (1)
        MUST           AES-CBC with 128-bit keys [RFC3602]
        MUST-          TripleDES-CBC [RFC2451]
        SHOULD         AES-CTR [RFC3686]
        SHOULD NOT     DES-CBC [RFC2405] (2)

        Requirement    Authentication Algorithm (notes)
        -----------    -----------------------------
        MUST           HMAC-SHA1-96 [RFC2404] (3)
        SHOULD+        AES-XCBC-MAC-96 [RFC3566]
        MAY            NULL (1)
        MAY            HMAC-MD5-96 [RFC2403] (4)

• rfc 4309: Cryptographic Suites for IPsec
• rfc 6379: Suite B Cryptographic Suites for IPsec

Authentication

• rfc 2104: HMAC: Keyed-Hashing for Message Authentication
• rfc 2403: The Use of HMAC-MD5-96 within ESP and AH
• rfc 2404: The Use of HMAC-SHA-1-96 within ESP and AH
• rfc 2410: The NULL Encryption Algorithm and Its Use With IPsec
• rfc 4868: Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
• draft: The HMAC-SHA-256-96 Algorithm and Its Use With IPsec
• draft: The HMAC-SHA-256-128 Algorithm and Its Use With IPsec

Encryption

• rfc 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
• rfc 3686: Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
• rfc 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
• draft: The ESP CAST5-128-CBC Transform
• draft: The ESP Blowfish-CBC Algorithm Using an Explicit IV
• draft: The ESP CAST128-CBC Algorithm
• draft: The ESP RC5-CBC Algorithm