5.9. References

Here's a list of the most important RFCs and drafts mentioned in this chapter. Sometimes I include additional subject-related RFCs for your personal further study.

5.9.1. RFCs

RFC 1828, "IP Authentication using Keyed MD5," 1995
RFC 1829, "The ESP DES-CBC Transform," 1995
RFC 1918, "Address Allocation for Private Internets," 1996
RFC 2085, "HMAC-MD5 IP Authentication with Replay Prevention," 1997
RFC 2104, "HMAC: Keyed-Hashing for Message Authentication," 1997
RFC 2401, "Security Architecture for the Internet Protocol," 1998
RFC 2402, "IP Authentication Header," 1998
RFC 2403, "The Use of HMAC-MD5-96 within ESP and AH," 1998
RFC 2404, "The Use of HMAC-SHA-1-96 within ESP and AH," 1998
RFC 2405, "The ESP DES-CBC Cipher Algorithm With Explicit IV," 1998
RFC 2406, "IP Encapsulating Security Payload (ESP)," 1998
RFC 2407, "The Internet IP Security Domain of Interpretation for ISAKMP," 1998
RFC 2408, "Internet Security Association and Key Management Protocol (ISAKMP)," 1998
RFC 2409, "The Internet Key Exchange (IKE)," 1998
RFC 2410, "The NULL Encryption Algorithm and Its Use With IPsec," 1998
RFC 2411, "IP Security Document Roadmap," 1998
RFC 2412, "The OAKLEY Key Determination Protocol," 1998
RFC 2451, "The ESP CBC-Mode Cipher Algorithms," 1998
RFC 2462, "IPv6 Stateless Address Autoconfiguration," 1998
RFC 2553, "Basic Socket Interface Extensions for IPv6," 1999
RFC 3056, "Connection of IPv6 Domains Via IPv4 Clouds," 2001
RFC 3068, "An Anycast Prefix for 6to4 Relay Routers," 2001
RFC 3526, "More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)," 2003
RFC 3602, "The AES-CBC Cipher Algorithm and Its Use with IPsec," 2003
RFC 3631, "Security Mechanisms for the Internet," 2003
RFC 3715, "IPsec-Network Address Translation (NAT) Compatibility Requirements," 2004
RFC 3739, "Internet X.509 Public Key Infrastructure: Qualified Certificates Profile," 2004
RFC 3740, "The Multicast Group Security Architecture," 2004
RFC 3748, "Extensible Authentication Protocol (EAP)," 2004
RFC 3754, "IP Multicast in Differentiated Services (DS) Networks," 2004
RFC 3756, "IPv6 Neighbor Discovery (ND) Trust Models and Threats," 2004
RFC 3765, "NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control," 2004
RFC 3947, "Negotiation of NAT-Traversal in the IKE," 2005
RFC 3948, "UDP Encapsulation of IPsec ESP Packets," 2005
RFC 3964, "Security Considerations for 6to4," 2004
RFC 3971, "SEcure Neighbor Discovery (SEND)," 2005
RFC 3972, "Cryptographically Generated Addresses (CGA)," 2005
RFC 4033, "DNS Security Introduction and Requirements," 2005
RFC 4035, "Protocol Modifications for the DNS Security Extensions," 2005
RFC 4106, "The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)," 2005
RFC 4107, "Guidelines for Cryptographic Key Management," 2005
RFC 4109, "Algorithms for Internet Key Exchange version 1 (IKEv1)," 2005
RFC 4285, "Authentication Protocol for Mobile IPv6," 2005
RFC 4301, "Security Architecture for the Internet Protocol," 2005
RFC 4302, "IP Authentication Header," 2005
RFC 4303, "IP Encapsulating Security Payload (ESP)," 2005
RFC 4305, "Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)," 2005
RFC 4306, "Internet Key Exchange (IKEv2) Protocol," 2005
RFC 4307, "Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)," 2005
RFC 4308, "Cryptographic Suites for IPsec," 2005
RFC 4309, "Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP)," 2005
RFC 4359, "The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH)," 2006
RFC 4380, "Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)," 2006

5.9.2. Drafts

Drafts can be found at http://www.ietf.org/ID.html. To locate the latest version of a draft, refer to https://datatracker.ietf.org/public/pidtracker.cgi. You can enter the draft name without a version number and the most current version will come up. If a draft does not show up, it was either deleted or published as an RFC. Alternatively, you can go to the new Internet drafts database interface at https://datatracker.ietf.org/public/idindex.cgi. http://tools.ietf.org/wg is also a very useful site. More information on the process of standardization, RFCs, and drafts can be found in the Appendix.

Here's a list of drafts I refer to in this chapter, as well as interesting drafts that relate to the topics in this chapter:

draft-ietf-v6ops-ipsec-tunnels-02.txt, Using IPsec to Secure IPv6-in-IPv4 Tunnels
draft-blanchet-v6ops-tunnelbroker-tsp-03.txt, IPv6 Tunnel Broker with the Tunnel Setup Protocol (TSP)
draft-ietf-v6ops-security-overview-04.txt, IPv6 Transition/Co-existence Security Considerations
draft-ietf-mip6-ikev2-ipsec-05.txt, Mobile IPv6 Operation with IKEv2 and the revised IPsec
draft-ietf-mobike-protocol-08.txt, IKEv2 Mobility and Multihoming Protocol (MOBIKE)
draft-ietf-mobike-design-08.txt, Design of the MOBIKE Protocol
draft-ietf-v6ops-nap-02.txt, IPv6 Network Architecture Protection
draft-ietf-bmwg-ipsec-term-08.txt, Terminology for Benchmarking IPsec Devices
draft-ietf-bmwg-ipsec-meth-01.txt, Methodology for Benchmarking IPsec Devices
draft-ietf-v6ops-icmpv6-filtering-bcp-01.txt, Best Current Practice for Filtering ICMPv6 Messages in Firewalls