|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: linux-ipsec: IPSEC RFC's
Date: Wed Dec 30 1998 - 16:25:34 EST
Here's my shot at a commented list of what should be there. Comments? Additions?
The Linux FreeSWAN distribution is available from:
ftp://ftp.xs4all.nl/pub/crypto/freeswan
and various mirror sites. To give people more control over their downloads, the RFCs that define IP security are bundled separately in the file:
ftp://ftp.xs4all.nl/pub/crypto/freeswan/RFC.gz
This file, which is included in the main distribution and is available on the web site, describes the RFCs included in that bundle and gives some pointers to alternate sources.
Other sources for RFCs & Internet drafts:
RFCs are downloadble at many places around the net such as:
http://www.rfc-editor.org
http://sunsite.doc.ic.ac.uk/computing/internet/rfc
and browsable at others such as:
http://www.landfield.com/rfcs/index.html http://www.library.ucg.ie/Connected/RFC
Internet Drafts, working documents which sometimes evolve into RFCs, are also available. The overall reference page is:
Drafts related to IPSEC are at:
http://www.ietf.org/ids.by.wg/ipsec.html
Note: some of these may be obsolete, replaced by later drafts or by RFCs.
At least one vendor sells CD-ROMs of RFCs and Internet Drafts:
http://www.cdrom.com/titles/educate/inet.htm
Note: many of the IPSEC RFCs were issued in late November 1998, so an older CD may not be particularly useful if IPSEC is your main concern.
What's in the RFC.gz bundle:
All filenames are of the form rfc*.txt, with the * replaced with the RFC number.
RFC# Title
Overview:
2401 Security Architecture for the Internet Protocol 2411 IP Security Document Roadmap
Basic protocols:
2402 IP Authentication Header 2406 IP Encapsulating Security Payload (ESP)
Key management:
2367 PF_KEY Key Management API, Version 2 2407 The Internet IP Security Domain of Interpretation for ISAKMP 2408 Internet Security Association and Key Management Protocol (ISAKMP) 2409 The Internet Key Exchange (IKE) 2412 The OAKLEY Key Determination Protocol
Details of various things used:
1321 The MD5 Message-Digest Algorithm 1828 IP Authentication using Keyed MD5 1829 The ESP DES-CBC Transform 1851 The ESP Triple DES Transform 1852 IP Authentication using Keyed SHA 2085 HMAC-MD5 IP Authentication with Replay Prevention 2104 HMAC: Keyed-Hashing for Message Authentication 2207 RSVP Extensions for IPSEC Data Flows 2403 The Use of HMAC-MD5-96 within ESP and AH 2404 The Use of HMAC-SHA-1-96 within ESP and AH 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV 2410 The NULL Encryption Algorithm and Its Use With IPsec 2451 The ESP CBC-Mode Cipher Algorithms
RFCs for secure DNS service which IPSEC may rely on: (and for DNS MIB, useful when we come to do an IPSEC MIB)
1611 DNS Server MIB Extensions
1612 DNS Resolver MIB Extensions
2065 Domain Name System Security Extensions
2137 Secure Domain Name System Dynamic Update
2230 Key Exchange Delegation Record for the DNS
Other security-related RFCs:
1750 Randomness Recommendations for Security
1991 PGP Message Exchange Formats
2015 MIME Security with Pretty Good Privacy (PGP)
2078 Generic Security Service Application Program Interface, Version 2
2082 RIP-2 MD5 Authentication
2144 The CAST-128 Encryption Algorithm
2267 Network Ingress Filtering: Defeating Denial of Service Attacks
which employ IP Source Address Spoofing
2268 The RC-2 Encryption Algorithm
2311 S/MIME Version 2 Message Specification
2312 S/MIME Version 2 Certificate Handling
2314 PKCS #10: Certification Request Syntax Version 1.5
2315 PKCS #7: Cryptographic Message Syntax Version 1.5
2316 Report of the IAB Security Architecture Workshop
2437 PKCS #1: RSA Cryptography Specifications Version 2.0
2440 OpenPGP Message Format
Received on Wed Dec 30 17:07:06 1998This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:29 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |