
Inurl draft guidelines for mandating the use of ipsec

Within ISAKMP, a Domain of Interpretation is used to group related protocols using ISAKMP to negotiate security associations.


Conversely, if the initiator supports either SIT_SECRECY or SIT_INTEGRITY, the Labeled Domain Identifier MUST be included in the situation payload. If a responder does not support SIT_INTEGRITY, a SITUATION-NOT-SUPPORTED Notification Payload SHOULD be returned and the security association setup MUST be aborted.

The IPSEC DOI does not impose specific security policy requirements on any implementation. Unless otherwise noted, all tables within this document refer to IANA Assigned Numbers for the IPSEC DOI. See Section 6 for further information relating to the IANA registry for the IPSEC DOI.

If SIT_INTEGRITY is present in the Situation bitmap, the Situation field will be followed by variable-length data that includes an integrity level and compartment bitmask.

If SIT_SECRECY is also in use for the association, the integrity information immediately follows the variable-length secrecy level and categories.
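The Situation layout described above, as an added example that is not part of the original text: a bounds-checked Python parser for the Situation field and the labeled data that follows it. The bit values, field widths and 32-bit padding are taken from RFC 2407 (sections 4.2 and 4.6.1) and are not given on this page; the function names and the sample bytes (including labeled domain value 1) are constructed for illustration.

```python
import struct

# Situation bitmap values as assigned in RFC 2407, section 4.2.
SIT_IDENTITY_ONLY, SIT_SECRECY, SIT_INTEGRITY = 0x01, 0x02, 0x04

# Constructed sample: all three bits set, labeled domain 1, 1-octet secrecy
# level with a 10-bit category bitmap, 2-octet integrity level, no categories.
SAMPLE = bytes.fromhex("00000007" "00000001" "00010000" "03000000" "000a0000"
                       "a0400000" "00020000" "00050000" "00000000")


def _pad4(n):
    """Round n up to the next 32-bit boundary."""
    return (n + 3) & ~3


def _take(buf, off, n):
    """Return n bytes at off, refusing to read past the end of the buffer."""
    if off + n > len(buf):
        raise ValueError("truncated situation data")
    return buf[off:off + n], off + n


def _level_and_bitmap(buf, off):
    """Read a level (length in octets) and a category bitmap (length in bits)."""
    hdr, off = _take(buf, off, 4)                 # 2-octet length + 2 reserved
    level_len = struct.unpack("!HH", hdr)[0]
    level, off = _take(buf, off, _pad4(level_len))
    hdr, off = _take(buf, off, 4)
    cat_bits = struct.unpack("!HH", hdr)[0]
    cat_len = (cat_bits + 7) // 8
    bitmap, off = _take(buf, off, _pad4(cat_len))
    return (level[:level_len], bitmap[:cat_len], cat_bits), off


def parse_situation(buf):
    """Parse the Situation bitmap plus any label data; report bytes consumed."""
    raw, off = _take(buf, 0, 4)
    out = {"situation": struct.unpack("!I", raw)[0]}
    if out["situation"] & (SIT_SECRECY | SIT_INTEGRITY):
        raw, off = _take(buf, off, 4)   # Labeled Domain Identifier MUST be present
        out["labeled_domain"] = struct.unpack("!I", raw)[0]
        if out["situation"] & SIT_SECRECY:      # secrecy data comes first
            out["secrecy"], off = _level_and_bitmap(buf, off)
        if out["situation"] & SIT_INTEGRITY:    # integrity immediately follows
            out["integrity"], off = _level_and_bitmap(buf, off)
    out["consumed"] = off               # the rest of the SA payload starts here
    return out
```
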

Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and working groups.

Note that other groups may also distribute working documents as Internet Drafts.

They also share a common interpretation of DOI-specific payload data content, including the Security Association and Identification payloads.

Overall, ISAKMP places the following requirements on a DOI definition:

   o  define the naming scheme for DOI-specific protocol identifiers
   o  define the interpretation for the Situation field
   o  define the set of applicable security policies
   o  define the syntax for DOI-specific SA Attributes (Phase II)
   o  define the syntax for DOI-specific payload contents
   o  define additional Key Exchange types, if needed
   o  define additional Notification Message types, if needed

The remainder of this document details the instantiation of these requirements for using the IP Security (IPSEC) protocols to provide authentication, integrity, and/or confidentiality for IP packets sent between cooperating host systems and/or firewalls.

See section 4.6.1 for a complete description of the Security Association Payload format.