File: ipsec-registry


From RFC 2409 (IKE)

(last updated 2001 Jun 29)

Attribute Assigned Numbers

Attributes negotiated during phase one use the following definitions.
Phase two attributes are defined in the applicable DOI specification
(for example, IPsec attributes are defined in the IPsec DOI), with the
exception of a group description when Quick Mode includes an ephemeral
Diffie-Hellman exchange.  Attribute types can be either Basic (B) or
Variable-length (V). Encoding of these attributes is defined in the
base ISAKMP specification as Type/Value (Basic) and Type/Length/Value
(Variable).

Attributes described as basic MUST NOT be encoded as variable.
Variable length attributes MAY be encoded as basic attributes if their
value can fit into two octets. If this is the case, an attribute
offered as variable (or basic) by the initiator of this protocol MAY
be returned to the initiator as a basic (or variable).

Attribute Classes

    class                         value              type
-------------------------------------------------------------------
Encryption Algorithm                1                 B
Hash Algorithm                      2                 B
Authentication Method               3                 B
Group Description                   4                 B
Group Type                          5                 B
Group Prime/Irreducible Polynomial  6                 V
Group Generator One                 7                 V
Group Generator Two                 8                 V
Group Curve A                       9                 V
Group Curve B                      10                 V
Life Type                          11                 B
Life Duration                      12                 V
PRF                                13                 B
Key Length                         14                 B
Field Size                         15                 B
Group Order                        16                 V 

values 17-16383 are reserved to IANA. Values 16384-32767 are for
private use among mutually consenting parties.
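The encoding rules above can be checked mechanically. The following decoder is an added example, not part of the IANA registry text: it assumes the attribute layout of the base ISAKMP specification (RFC 2408), where the high bit of the 16-bit type field marks a Type/Value attribute, and the sample bytes are constructed.

```python
import struct

# Phase-one attribute classes from the table above: value -> (name, type)
CLASSES = {
    1: ("Encryption Algorithm", "B"), 2: ("Hash Algorithm", "B"),
    3: ("Authentication Method", "B"), 4: ("Group Description", "B"),
    5: ("Group Type", "B"), 6: ("Group Prime/Irreducible Polynomial", "V"),
    7: ("Group Generator One", "V"), 8: ("Group Generator Two", "V"),
    9: ("Group Curve A", "V"), 10: ("Group Curve B", "V"),
    11: ("Life Type", "B"), 12: ("Life Duration", "V"), 13: ("PRF", "B"),
    14: ("Key Length", "B"), 15: ("Field Size", "B"), 16: ("Group Order", "V"),
}

def parse_attributes(buf):
    """Decode ISAKMP data attributes into a list of (class name, int value)."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError(f"truncated attribute header at offset {off}")
        head, field = struct.unpack_from("!HH", buf, off)
        off += 4
        is_tv, cls = bool(head & 0x8000), head & 0x7FFF
        name, kind = CLASSES.get(cls, (f"unassigned/private class {cls}", None))
        if is_tv:
            value = field  # Type/Value: the second 16-bit word is the value
        else:
            # Type/Length/Value: the second word is the value length in octets
            if kind == "B":
                raise ValueError(f"{name}: basic attribute encoded as variable")
            if len(buf) - off < field:
                raise ValueError(f"{name}: length {field} exceeds remaining data")
            value = int.from_bytes(buf[off:off + field], "big")
            off += field
        out.append((name, value))
    return out

# Constructed sample: 3DES-CBC, SHA, pre-shared key, group 2, life type
# seconds, and a 4-octet variable-length Life Duration of 28800.
SAMPLE = bytes.fromhex(
    "80010005" "80020002" "80030001" "80040002" "800b0001"
    "000c0004" "00007080"
)

if __name__ == "__main__":
    for name, value in parse_attributes(SAMPLE):
        print(f"{name}: {value}")
```
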

Class Values

  Encryption Algorithm               Value            Reference
  --------------------               -----            ---------
   DES-CBC                             1              [RFC2405]
   IDEA-CBC                            2              [RFC2409]
   Blowfish-CBC                        3              [RFC2409]
   RC5-R16-B64-CBC                     4              [RFC2409]
   3DES-CBC                            5              [RFC2409]
   CAST-CBC                            6              [RFC2409]
   AES-CBC                             7                [Leech]

values 7-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties.

  Hash Algorithm                     Value            References
  --------------                     -----            ----------
  MD5                                  1               [RFC1321]
  SHA                                  2              FIPS 180-1
  Tiger                                3              See Reference [TIGER]
  SHA2-256                             4                 [Leech]
  SHA2-384                             5                 [Leech]
  SHA2-512                             6                 [Leech]

values 4-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties. 


IPSEC Authentication Methods

Method                                  Value           Reference
------                                  -----           ---------
pre-shared key                            1             [RFC2409]
DSS signatures                            2             [RFC2409]
RSA signatures                            3             [RFC2409]
Encryption with RSA                       4             [RFC2409]
Revised encryption with RSA               5             [RFC2409]
Encryption with El-Gamal                  6
Revised encryption with El-Gamal          7
ECDSA signatures                          8             [Fahn]
Reserved to IANA                        9-65000


values 6-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties.

  Group Description                           Value       Reference
  -----------------                           -----       ---------
  default 768-bit MODP group (section 6.1)      1         [RFC2409]
  alternate 1024-bit MODP group (section 6.2)   2         [RFC2409]
  EC2N group on GP[2^155] (section 6.3)         3         [RFC2409]
  EC2N group on GP[2^185] (section 6.4)         4         [RFC2409]
  Reserved to IANA                              5  
  EC2N group over GF[2^163] (Section 2.1)       6         [Panjwani]
  EC2N group over GF[2^163] (Section 2.2)       7         [Panjwani]
  EC2N group over GF[2^283] (Section 2.3)       8         [Panjwani]
  EC2N group over GF[2^283] (Section 2.4)       9         [Panjwani]
  EC2N group over GF[2^409] (Section 2.5)      10     [Blake-Wilson]     
  EC2N group over GF[2^409] (Section 2.6)      11     [Blake-Wilson]
  EC2N group over GF[2^571] (Section 2.7)      12     [Blake-Wilson]
  EC2N group over GF[2^571] (Section 2.8)      13     [Blake-Wilson]

values 10-32767 are reserved to IANA. Values 32768-65535 are for
private use among mutually consenting parties. 

  Group Type                                    Value
  ----------                                    -----
  MODP (modular exponentiation group)            1
  ECP  (elliptic curve group over GF[P])         2
  EC2N (elliptic curve group over GF[2^N])       3

values 4-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties.

  Life Type                         Value  
  ---------                         ----
  seconds                             1
  kilobytes                           2

values 3-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties. For a given "Life
Type" the value of the "Life Duration" attribute defines the
actual length of the SA life-- either a number of seconds, or a number
of kbytes protected.

  PRF
  ---
  There are currently no pseudo-random functions defined.

values 1-65000 are reserved to IANA. Values 65001-65535 are for
private use among mutually consenting parties.

  Key Length
  ----------

When using an Encryption Algorithm that has a variable length key,
this attribute specifies the key length in bits. (MUST use network
byte order). This attribute MUST NOT be used when the specified
Encryption Algorithm uses a fixed length key.

  Field Size
  ----------

  The field size, in bits, of a Diffie-Hellman group.

  Group Order
  -----------

The group order of an elliptical curve group. Note the length of
this attribute depends on the field size.

  Additional Exchanges Defined-- XCHG values
    Quick Mode                         32
    New Group Mode                     33  




People
------

[Blake-Wilson] Simon Blake-Wilson, <sblakewilson@certicom.com>,
               October 2000.

[Fahn] Paul Fahn, <pfahn@certicom.com>, January 2000.

[Leech] Marcus Leech, <mleech@nortelnetworks.com>, October 2000. 

[Panjwani] Prakash Panjwani, <ppanjwani@certicom.com>, May 2000.



References
----------

[RFC2409] Harkins, D., and D. Carrel, "The Internet Key Exchange", RFC
2409, November 1998.

[TIGER]  Anderson, R., and Biham, E., "Fast Software Encryption",
            Springer LNCS v. 1039, 1996.
