Skip to main content

IP Security Maintenance and Extensions (ipsecme)

Document Date Status IPR AD/Shepherd
Active Internet-Drafts (4 hits)
71 pages
draft-ietf-ipsecme-g-ikev2-10
Group Key Management using IKEv2
2023-10-19
I-D Exists
WG Consensus: Waiting for Write-Up
Reviews: secdir Early tsvart Early
Jul 2022

13 pages
draft-ietf-ipsecme-ikev2-auth-announce-06
Announcing Supported Authentication Methods in IKEv2
2023-12-12
AD Evaluation::External Party 117
Submitted to IESG for Publication : Proposed Standard
Action Holder: Roman Danyliw 124
Roman Danyliw
Tero Kivinen
9 pages
draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt-02
IKEv2 Optional SA&TS Payloads in Child Exchange
2024-01-12
I-D Exists
WG Document
2
13 pages
draft-ietf-ipsecme-multi-sa-performance-03
IKEv2 support for per-resource Child SAs
2023-11-16
I-D Exists
WG Consensus: Waiting for Write-Up : Proposed Standard

Expired Internet-Draft (1 hit)
9 pages
draft-ietf-ipsecme-ike-tcp-01
A TCP transport for the Internet Key Exchange
2012-12-03
Expired
WG Document

RFCs (39 hits)
15 pages
RFC 5685
Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)
2009-11
Proposed Standard RFC
Tim Polk
26 pages
RFC 5723
Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
2010-01
Proposed Standard RFC
Pasi Eronen
32 pages
RFC 5739
IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2010-02
Experimental RFC
Tim Polk
15 pages
RFC 5840
Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility
2010-04
Proposed Standard RFC
Pasi Eronen
32 pages
RFC 5879
Heuristics for Detecting ESP-NULL Packets
2010-05
Informational RFC
Pasi Eronen
6 pages
RFC 5930
Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol
2010-07
Informational RFC
Sean Turner
138 pages
RFC 5996
Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2010-09
Proposed Standard RFC
Obsoleted by rfc7296
Updated by rfc5998, rfc6989, rfc6989
10 Sean Turner
16 pages
RFC 5998
An Extension for EAP-Only Authentication in IKEv2
2010-09
Proposed Standard RFC
Sean Turner
12 pages
RFC 6027
IPsec Cluster Problem Statement
2010-10
Informational RFC
Sean Turner
63 pages
RFC 6071
IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap
2011-02
Informational RFC
Sean Turner
22 pages
RFC 6290
A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE) Errata
2011-06
Proposed Standard RFC
Sean Turner
26 pages
RFC 6311
Protocol Support for High Availability of IKEv2/IPsec Errata
2011-07
Proposed Standard RFC
Sean Turner
10 pages
RFC 6989
Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
2013-07
Proposed Standard RFC
Sean Turner
12 pages
RFC 7018
Auto-Discovery VPN Problem Statement and Requirements
2013-09
Informational RFC
Sean Turner
142 pages
RFC 7296
Internet Key Exchange Protocol Version 2 (IKEv2) Errata
2014-10
Internet Standard RFC
Updated by rfc7427, rfc7670, rfc8247, rfc8983, rfc9370
Also known as STD 79
10 Kathleen Moriarty
11 pages
RFC 7321
Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
2014-08
Proposed Standard RFC
Obsoleted by rfc8221
Kathleen Moriarty
20 pages
RFC 7383
Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
2014-11
Proposed Standard RFC
Kathleen Moriarty
18 pages
RFC 7427
Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
2015-01
Proposed Standard RFC
Kathleen Moriarty
12 pages
RFC 7619
The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)
2015-08
Proposed Standard RFC
Kathleen Moriarty
13 pages
RFC 7634
ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec Errata
2015-08
Proposed Standard RFC
Kathleen Moriarty
32 pages
RFC 8019
Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks
2016-11
Proposed Standard RFC
Kathleen Moriarty
8 pages
RFC 8031
Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement Errata
2016-12
Proposed Standard RFC
Kathleen Moriarty
15 pages
RFC 8221
Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)
2017-10
Proposed Standard RFC
Updated by rfc9395
Eric Rescorla
25 pages
RFC 8229
TCP Encapsulation of IKE and IPsec Packets Errata
2017-08
Proposed Standard RFC
Obsoleted by rfc9329
Eric Rescorla
19 pages
RFC 8247
Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)
2017-09
Proposed Standard RFC
Updated by rfc9395
Eric Rescorla
5 pages
RFC 8420
Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)
2018-08
Proposed Standard RFC
Eric Rescorla
16 pages
RFC 8598
Split DNS Configuration for the Internet Key Exchange Protocol Version 2 (IKEv2)
2019-05
Proposed Standard RFC
Eric Rescorla
8 pages
RFC 8750
Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)
2020-03
Proposed Standard RFC
Alexey Melnikov
16 pages
RFC 8784
Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security
2020-06
Proposed Standard RFC
Benjamin Kaduk
7 pages
RFC 8983
Internet Key Exchange Protocol Version 2 (IKEv2) Notification Status Types for IPv4/IPv6 Coexistence
2021-02
Proposed Standard RFC
Benjamin Kaduk
14 pages
RFC 9242
Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2)
2022-05
Proposed Standard RFC
Benjamin Kaduk
30 pages
RFC 9329
TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets
2022-11
Proposed Standard RFC
Roman Danyliw
31 pages
RFC 9347
Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS)
2023-01
Proposed Standard RFC
Roman Danyliw
25 pages
RFC 9348
A YANG Data Model for IP Traffic Flow Security
2023-01
Proposed Standard RFC
Roman Danyliw
19 pages
RFC 9349
Definitions of Managed Objects for IP Traffic Flow Security
2023-01
Proposed Standard RFC
Roman Danyliw
29 pages
RFC 9370
Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)
2023-05
Proposed Standard RFC
Roman Danyliw
7 pages
RFC 9395
Deprecation of the Internet Key Exchange Version 1 (IKEv1) Protocol and Obsoleted Algorithms
2023-04
Proposed Standard RFC
Roman Danyliw
16 pages
RFC 9464
Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for Encrypted DNS
2023-11
Proposed Standard RFC
Roman Danyliw
7 pages
RFC 9478
Labeled IPsec Traffic Selector Support for the Internet Key Exchange Protocol Version 2 (IKEv2)
2023-10
Proposed Standard RFC
Roman Danyliw
Related Internet-Drafts and RFCs (54 hits)
21 pages
draft-antony-ipsecme-beet-mode-00
A Bound End-to-End Tunnel (BEET) mode for ESP
2023-10-23
I-D Exists

14 pages
draft-guo-ipsecme-ikev2-using-shangmi-00
Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2)
2024-01-28
I-D Exists

10 pages
draft-kampanakis-ml-kem-ikev2-02
Post-quantum Hybrid Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2)
2024-02-19
New
I-D Exists

20 pages
draft-liu-ipsecme-ikev2-mtu-dect-07
IKEv2 Link Maximum Atomic Packet and Packet Too Big Notification Extension
2023-10-06
I-D Exists
1
8 pages
draft-mglt-ipsecme-dscp-np-00
Differentiated Services Field Codepoints Internet Key Exchange version 2 Notification
2023-10-06
I-D Exists

18 pages
draft-mrossberg-ipsecme-multiple-sequence-counters-02
Broadening the Scope of Encapsulating Security Payload (ESP) Protocol
2024-02-15
New
I-D Exists

6 pages
draft-pan-ipsecme-esp-trailer-adjustment-00
Considerations for Adjustments of Encapsulating Security Payload (ESP) Trailer
2023-10-23
I-D Exists

13 pages
draft-ponchon-ipsecme-anti-replay-subspaces-03
IPsec and IKE anti-replay sequence number subspaces for traffic-engineered paths and multi-core processing
2023-10-23
I-D Exists
3
7 pages
draft-pwouters-ipsecme-delete-info-01
IKEv2 support for specifying a Delete notify reason
2023-10-23
I-D Exists

10 pages
draft-smyslov-ipsecme-ikev2-cookie-revised-06
Revised Cookie Processing in the IKEv2 Protocol
2023-10-16 I-D Exists
11 pages
draft-smyslov-ipsecme-ikev2-qr-alt-09
Alternative Approach for Mixing Preshared Keys in IKEv2 for Post-quantum Security
2023-10-19
I-D Exists
Call For Adoption By WG Issued

6 pages
draft-smyslov-ipsecme-ikev2-reliable-transport-01
Use of Reliable Transport in the Internet Key Exchange Protocol Version 2 (IKEv2)
2023-12-28
I-D Exists

8 pages
draft-xu-ipsecme-esp-in-udp-lb-11
Encapsulating IPsec ESP in UDP for Load-balancing
2023-09-14
I-D Exists

30 pages
draft-xu-ipsecme-risav-04
An RPKI and IPsec-based AS-to-AS Approach for Source Address Validation
2023-10-23
I-D Exists

11 pages
RFC 2104
HMAC: Keyed-Hashing for Message Authentication Errata
1997-02
Informational RFC
Updated by rfc6151

7 pages
RFC 2403
The Use of HMAC-MD5-96 within ESP and AH
1998-11
Proposed Standard RFC

7 pages
RFC 2404
The Use of HMAC-SHA-1-96 within ESP and AH
1998-11
Proposed Standard RFC

10 pages
RFC 2405
The ESP DES-CBC Cipher Algorithm With Explicit IV
1998-11
Proposed Standard RFC

6 pages
RFC 2410
The NULL Encryption Algorithm and Its Use With IPsec Errata
1998-11
Proposed Standard RFC

14 pages
RFC 2451
The ESP CBC-Mode Cipher Algorithms
1998-11
Proposed Standard RFC

10 pages
RFC 3526
More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
2003-05
Proposed Standard RFC
1 Jeffrey I. Schiller
11 pages
RFC 3566
The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
2003-09
Proposed Standard RFC
Russ Housley
15 pages
RFC 3602
The AES-CBC Cipher Algorithm and Its Use with IPsec
2003-09
Proposed Standard RFC
Russ Housley
19 pages
RFC 3686
Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)
2004-01
Proposed Standard RFC
Steven M. Bellovin
15 pages
RFC 3948
UDP Encapsulation of IPsec ESP Packets Errata
2005-01
Proposed Standard RFC
2 Russ Housley
11 pages
RFC 4106
The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) Errata
2005-06
Proposed Standard RFC
Russ Housley
101 pages
RFC 4301
Security Architecture for the Internet Protocol Errata
2005-12
Proposed Standard RFC
Updated by rfc6040, rfc7619
1 Russ Housley
34 pages
RFC 4302
IP Authentication Header Errata
2005-12
Proposed Standard RFC
Russ Housley
44 pages
RFC 4303
IP Encapsulating Security Payload (ESP) Errata
2005-12
Proposed Standard RFC
Russ Housley
7 pages
RFC 4308
Cryptographic Suites for IPsec Errata
2005-12
Proposed Standard RFC
Russ Housley
13 pages
RFC 4309
Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) Errata
2005-12
Proposed Standard RFC
Steven M. Bellovin
6 pages
RFC 4434
The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
2006-02
Proposed Standard RFC
Russ Housley
5 pages
RFC 4478
Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
2006-04
Experimental RFC
Russ Housley
8 pages
RFC 4494
The AES-CMAC-96 Algorithm and Its Use with IPsec
2006-06
Proposed Standard RFC
Russ Housley
14 pages
RFC 4543
The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH Errata
2006-05
Proposed Standard RFC
Russ Housley
33 pages
RFC 4555
IKEv2 Mobility and Multihoming Protocol (MOBIKE)
2006-06
Proposed Standard RFC
3 Russ Housley
7 pages
RFC 4615
The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)
2006-08
Proposed Standard RFC
Russ Housley
11 pages
RFC 4739
Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol
2006-11
Experimental RFC
Russ Housley
15 pages
RFC 4754
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) Errata
2007-01
Proposed Standard RFC
4 Russ Housley
11 pages
RFC 4806
Online Certificate Status Protocol (OCSP) Extensions to IKEv2
2007-02
Proposed Standard RFC
Russ Housley
21 pages
RFC 4868
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec Errata
2007-05
Proposed Standard RFC
Russ Housley
23 pages
RFC 5114
Additional Diffie-Hellman Groups for Use with IETF Standards
2008-01
Informational RFC
Tim Polk
19 pages
RFC 5282
Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol Errata
2008-08
Proposed Standard RFC
Tim Polk
7 pages
RFC 5529
Modes of Operation for Camellia for Use with IPsec
2009-04
Proposed Standard RFC
Tim Polk
13 pages
RFC 5857
IKEv2 Extensions to Support Robust Header Compression over IPsec Errata
2010-05
Proposed Standard RFC
Magnus Westerlund
16 pages
RFC 5903
Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 Errata
2010-06
Informational RFC
3 Tim Polk
7 pages
RFC 6023
A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
2010-10
Experimental RFC
Sean Turner
10 pages
RFC 6467
Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)
2011-12
Informational RFC
Sean Turner
24 pages
RFC 6617
Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)
2012-06
Experimental RFC
Sean Turner
20 pages
RFC 6628
Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2
2012-06
Experimental RFC
3 Sean Turner
26 pages
RFC 6631
Password Authenticated Connection Establishment with the Internet Key Exchange Protocol version 2 (IKEv2)
2012-06
Experimental RFC
Sean Turner
9 pages
RFC 6867
An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)
2013-01
Experimental RFC
Sean Turner
14 pages
RFC 7791
Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)
2016-03
Proposed Standard RFC
Kathleen Moriarty
22 pages
RFC 9227
Using GOST Ciphers in the Encapsulating Security Payload (ESP) and Internet Key Exchange Version 2 (IKEv2) Protocols
2022-03
Informational RFC