Suite B Cryptographic Suites for IPsec
RFC 4869
Field | Value
---|---
Type | RFC - Historic (May 2007; No errata); obsoleted by RFC 6379; status changed by status-change-suiteb-to-historic; was draft-solinas-ui-suites (individual in sec area)
Authors | Jerome Solinas, Laurie Law
Last updated | 2018-08-01
Stream | IETF
WG state | (None)
Document shepherd | No shepherd assigned
IESG state | RFC 4869 (Historic)
Consensus Boilerplate | Unknown
Responsible AD | Russ Housley
Send notices to | (None)
Network Working Group                                             L. Law
Request for Comments: 4869                                    J. Solinas
Category: Informational                                              NSA
                                                                May 2007

Suite B Cryptographic Suites for IPsec

Status of This Memo

   This memo provides information for the Internet community. It does
   not specify an Internet standard of any kind. Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The IETF Trust (2007).

Abstract

   This document proposes four optional cryptographic user interface
   suites ("UI suites") for IPsec, similar to the two suites specified
   in RFC 4308. The four new suites provide compatibility with the
   United States National Security Agency's Suite B specifications.

Table of Contents

   1. Introduction
   2. Requirements Terminology
   3. New UI Suites
      3.1. Suite "Suite-B-GCM-128"
      3.2. Suite "Suite-B-GCM-256"
      3.3. Suite "Suite-B-GMAC-128"
      3.4. Suite "Suite-B-GMAC-256"
   4. Security Considerations
   5. IANA Considerations
   6. References
      6.1. Normative References
      6.2. Informative References

1. Introduction

   [RFC4308] proposes two optional cryptographic user interface suites
   ("UI suites") for IPsec. The two suites, VPN-A and VPN-B, represent
   commonly used present-day corporate VPN security choices and
   anticipated future choices, respectively. This document proposes
   four new UI suites based on implementations of the United States
   National Security Agency's Suite B algorithms (see [SuiteB]).

   As with the VPN suites, the Suite B suites are simply collections of
   values for some options in IPsec. Use of UI suites does not change
   the IPsec protocols in any way.

2. Requirements Terminology

   The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
   in this document are to be interpreted as described in [RFC2119].

3. New UI Suites

   Each of the following UI suites provides choices for ESP (see
   [RFC4303]) and for IKEv1 and IKEv2 (see [RFC2409] and [RFC4306]).
   The four suites are differentiated by the choice of cryptographic
   algorithm strengths and a choice of whether the Encapsulating
   Security Payload (ESP) is to provide both confidentiality and
   integrity or integrity only. The suite names are based on the
   Advanced Encryption Standard [AES] mode and AES key length specified
   for ESP.

   IPsec implementations that use these UI suites SHOULD use the suite
   names listed here. IPsec implementations SHOULD NOT use names
   different than those listed here for the suites that are described,
   and MUST NOT use the names listed here for suites that do not match
   these values. These requirements are necessary for interoperability.

3.1. Suite "Suite-B-GCM-128"

   This suite provides ESP integrity protection and confidentiality
   using 128-bit AES-GCM (see [RFC4106]). This suite or the following
   suite should be used when ESP integrity protection and encryption
   are both needed.

   ESP:
     Encryption     AES with 128-bit keys and 16-octet Integrity
                      Check Value (ICV) in GCM mode [RFC4106]
     Integrity      NULL

   IKEv1:
     Encryption                AES with 128-bit keys in CBC mode
                                 [RFC3602]
     Pseudo-random function    HMAC-SHA-256 [RFC4868]
     Hash                      SHA-256 [FIPS-180-2] [RFC4634]
     Diffie-Hellman group      256-bit random ECP group [RFC4753]
     Group Type                ECP

   For IKEv1, Phase 1 SHOULD use Main mode. IKEv1 implementations MUST
   support pre-shared key authentication [RFC2409] for interoperability.
   The authentication method used with IKEv1 MAY be either pre-shared
   key [RFC2409] or ECDSA-256 [RFC4754].

   IKEv2:
     Encryption                AES with 128-bit keys in CBC mode
                                 [RFC3602]
     Pseudo-random function    HMAC-SHA-256 [RFC4868]
     Integrity                 HMAC-SHA-256-128 [RFC4868]
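
The naming rule in Section 3 (a suite name MUST NOT be used for values that do not match) can be checked mechanically. The following is an added example, not part of the RFC text: it audits a configuration labelled Suite-B-GCM-128 against the ESP and IKEv1 values listed in Section 3.1 and reports SHOULD-level deviations separately. The record layout, field names and sample configurations are assumptions made for the example.

```python
import copy

# Values copied from Section 3.1 above (ESP and IKEv1 only). The record
# layout and field names are assumptions made for this added example.
SUITE_B_GCM_128 = {
    "esp": {"encryption": ("AES-GCM", 128), "icv_octets": 16,
            "integrity": "NULL"},
    "ikev1": {"encryption": ("AES-CBC", 128), "prf": "HMAC-SHA-256",
              "hash": "SHA-256", "dh_group": "256-bit random ECP"},
}
IKEV1_AUTH_ALLOWED = {"pre-shared key", "ECDSA-256"}


def audit(config):
    """Audit a config that claims the name Suite-B-GCM-128.

    Returns (errors, warnings): an error means a value differs from the
    suite, so the name MUST NOT be used; a warning is an unmet SHOULD.
    """
    errors, warnings = [], []
    for proto, expected in SUITE_B_GCM_128.items():
        actual = config.get(proto, {})
        for field, want in expected.items():
            got = actual.get(field)
            if isinstance(got, list):  # JSON-loaded configs give lists
                got = tuple(got)
            if got != want:
                errors.append(f"{proto}.{field}: want {want!r}, got {got!r}")
    ikev1 = config.get("ikev1", {})
    if ikev1.get("auth") not in IKEV1_AUTH_ALLOWED:
        errors.append(f"ikev1.auth: {ikev1.get('auth')!r} not allowed")
    if ikev1.get("phase1_mode") != "main":
        warnings.append("ikev1.phase1_mode: Phase 1 SHOULD use Main mode")
    return errors, warnings


# Constructed sample that matches the suite.
SAMPLE_GOOD = copy.deepcopy(SUITE_B_GCM_128)
SAMPLE_GOOD["ikev1"].update(auth="ECDSA-256", phase1_mode="main")

# Constructed sample: shorter 8-octet ICV, a separate ESP integrity
# transform, and Aggressive mode for Phase 1.
SAMPLE_BAD = copy.deepcopy(SAMPLE_GOOD)
SAMPLE_BAD["esp"].update(icv_octets=8, integrity="HMAC-SHA-256-128")
SAMPLE_BAD["ikev1"]["phase1_mode"] = "aggressive"

if __name__ == "__main__":
    for name, cfg in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit(cfg))
```

The IKEv2 values are left out of the check because this page does not show the complete IKEv2 list.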