2. GDOI Phase 1 Protocol
GDOI is a "phase 2" protocol which MUST be protected by a "phase 1" protocol. The "phase 1" protocol can be any protocol which provides for the following protections:
- Peer Authentication
- Confidentiality
- Message Integrity
The following sections describe one such "phase 1" protocol. Other protocols which may be potential "phase 1" protocols are described in Appendix A. However, the use of the protocols listed there is not considered part of this document.
2.1. ISAKMP Phase 1 Protocol
This document defines how the ISAKMP phase 1 exchanges as defined in [RFC2409] can be used as a "phase 1" protocol for GDOI. The following sections define characteristics of the ISAKMP phase 1 protocols that are unique for these exchanges when used for GDOI.
Section 6.1 describes how the ISAKMP Phase 1 protocols meet the requirements of a GDOI "phase 1" protocol.
2.1.1. DOI Value
The Phase 1 SA payload has a DOI value. That value MUST be the GDOI DOI value as defined later in this document.
2.1.2. UDP Port
GDOI MUST NOT run on port 500 (the port commonly used for IKE). IANA has assigned port 848 for the use of GDOI.
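As an added example (not part of this document), the following Python check applies the two constraints from sections 2.1.1 and 2.1.2 to a captured UDP datagram: the destination port is the IANA-assigned 848 rather than 500, and the DOI field of the ISAKMP SA payload carries the GDOI DOI value. Because the GDOI DOI value is defined later in the document, it is passed in as a parameter; the ISAKMP header and payload layouts follow [RFC2408], and the sample datagram is constructed inline.

```python
import struct

ISAKMP_HDR_LEN = 28   # RFC 2408 fixed header: 2 cookies, np, ver, xtype, flags, msgid, length
PAYLOAD_SA = 1        # Next Payload value for a Security Association payload
GDOI_UDP_PORT = 848   # assigned by IANA for GDOI (section 2.1.2)
IKE_UDP_PORT = 500    # port commonly used for IKE; GDOI MUST NOT use it

def parse_isakmp_sa_doi(datagram: bytes):
    """Return the DOI of the first SA payload in an ISAKMP message, or None."""
    if len(datagram) < ISAKMP_HDR_LEN:
        return None
    (_icookie, _rcookie, next_payload, _version, _xtype, _flags, _msg_id,
     length) = struct.unpack("!8s8sBBBBII", datagram[:ISAKMP_HDR_LEN])
    if length != len(datagram):          # header length must match the datagram
        return None
    off = ISAKMP_HDR_LEN
    while next_payload != 0 and off + 4 <= len(datagram):
        ptype = next_payload
        next_payload, _reserved, plen = struct.unpack("!BBH", datagram[off:off + 4])
        if plen < 4 or off + plen > len(datagram):   # malformed payload chain
            return None
        if ptype == PAYLOAD_SA:
            if plen < 12:                 # generic header + DOI + Situation
                return None
            return struct.unpack("!I", datagram[off + 4:off + 8])[0]
        off += plen
    return None

def check_gdoi_phase1(dst_port: int, datagram: bytes, gdoi_doi: int) -> list:
    """Return a list of findings; an empty list means both MUSTs are satisfied."""
    findings = []
    if dst_port == IKE_UDP_PORT:
        findings.append("GDOI MUST NOT run on port 500")
    elif dst_port != GDOI_UDP_PORT:
        findings.append(f"unexpected port {dst_port}, IANA assigned 848")
    doi = parse_isakmp_sa_doi(datagram)
    if doi is None:
        findings.append("no parsable SA payload")
    elif doi != gdoi_doi:
        findings.append(f"SA payload DOI {doi} is not the GDOI DOI {gdoi_doi}")
    return findings

def build_sample(doi: int) -> bytes:
    """Constructed ISAKMP header plus a minimal SA payload (DOI, Situation)."""
    sa_body = struct.pack("!II", doi, 1)
    sa = struct.pack("!BBH", 0, 0, 4 + len(sa_body)) + sa_body
    hdr = struct.pack("!8s8sBBBBII", b"\x01" * 8, b"\x00" * 8, PAYLOAD_SA,
                      0x10, 2, 0, 0, ISAKMP_HDR_LEN + len(sa))
    return hdr + sa
```

The DOI values used in any test of this check are placeholders; substitute the GDOI DOI value defined later in the document.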