RFC 7296 - Internet Key Exchange Protocol Version 2 (IKEv2)

• 状态: Internet Standard
• 发布日期: October 2014
• Stream: IETF
• 废弃了: RFC5996
• 勘误: 无勘误

---

Abstract

本文档描述了 Internet Key Exchange (互联网密钥交换, IKE) 协议的版本 2。IKE 是 IPsec 的一个组件, 用于执行相互身份验证并建立和维护 Security Associations (安全关联, SAs)。本文档废弃了 RFC 5996, 并包含其所有勘误。它将 IKEv2 推进为互联网标准。

Status of This Memo

这是一份互联网标准跟踪文档。

本文档是 Internet Engineering Task Force (IETF) 的产品。它代表了 IETF 社区的共识。它已接受公众审查, 并已获得 Internet Engineering Steering Group (IESG) 批准发布。有关互联网标准的更多信息可在 RFC 5741 的第 2 节中找到。

有关本文档当前状态、任何勘误以及如何提供反馈的信息可从 http://www.rfc-editor.org/info/rfc7296 获取。

Copyright Notice

Copyright (c) 2014 IETF Trust 和被确定为文档作者的人员。保留所有权利。

本文档受 BCP 78 和 IETF Trust 关于 IETF 文档的法律规定 (http://trustee.ietf.org/license-info) 的约束, 这些规定在本文档发布之日有效。请仔细阅读这些文档, 因为它们描述了您对本文档的权利和限制。从本文档中提取的代码组件必须包含 Trust 法律规定第 4.e 节中描述的简化 BSD 许可证文本, 并按简化 BSD 许可证中所述不提供保证。

本文档可能包含 2008 年 11 月 10 日之前发布或公开的 IETF 文档或 IETF 贡献的材料。控制某些此类材料版权的人员可能未授予 IETF Trust 在 IETF 标准流程之外修改此类材料的权利。在未从控制此类材料版权的人员获得充分许可的情况下, 本文档不得在 IETF 标准流程之外修改, 也不得在 IETF 标准流程之外创建其衍生作品, 除非将其格式化为 RFC 发布或将其翻译成英语以外的语言。

Contents

• 1. Introduction (简介)
  • 1.1. Usage Scenarios (使用场景)
    • 1.1.1. Security Gateway to Security Gateway in Tunnel Mode
    • 1.1.2. Endpoint-to-Endpoint Transport Mode
    • 1.1.3. Endpoint to Security Gateway in Tunnel Mode
    • 1.1.4. Other Scenarios
  • 1.2. The Initial Exchanges (初始交换)
  • 1.3. The CREATE_CHILD_SA Exchange
    • 1.3.1. Creating New Child SAs with the CREATE_CHILD_SA Exchange
    • 1.3.2. Rekeying IKE SAs with the CREATE_CHILD_SA Exchange
    • 1.3.3. Rekeying Child SAs with the CREATE_CHILD_SA Exchange
  • 1.4. The INFORMATIONAL Exchange
    • 1.4.1. Deleting an SA with INFORMATIONAL Exchanges
  • 1.5. Informational Messages outside of an IKE SA
  • 1.6. Requirements Terminology (需求术语)
  • 1.7. Significant Differences between RFC 4306 and RFC 5996
  • 1.8. Differences between RFC 5996 and This Document
• 2. IKE Protocol Details and Variations (IKE 协议细节和变体)
  • 2.1. Use of Retransmission Timers (重传定时器的使用)
  • 2.2. Use of Sequence Numbers for Message ID
  • 2.3. Window Size for Overlapping Requests
  • 2.4. State Synchronization and Connection Timeouts
  • 2.5. Version Numbers and Forward Compatibility
  • 2.6. IKE SA SPIs and Cookies
    • 2.6.1. Interaction of COOKIE and INVALID_KE_PAYLOAD
  • 2.7. Cryptographic Algorithm Negotiation
  • 2.8. Rekeying (密钥更新)
    • 2.8.1. Simultaneous Child SA Rekeying
    • 2.8.2. Simultaneous IKE SA Rekeying
    • 2.8.3. Rekeying the IKE SA versus Reauthentication
  • 2.9. Traffic Selector Negotiation
    • 2.9.1. Traffic Selectors Violating Own Policy
    • 2.9.2. Traffic Selectors in Rekeying
  • 2.10. Nonces
  • 2.11. Address and Port Agility
  • 2.12. Reuse of Diffie-Hellman Exponentials
  • 2.13. Generating Keying Material
  • 2.14. Generating Keying Material for the IKE SA
  • 2.15. Authentication of the IKE SA
  • 2.16. Extensible Authentication Protocol Methods
  • 2.17. Generating Keying Material for Child SAs
  • 2.18. Rekeying IKE SAs Using a CREATE_CHILD_SA Exchange
  • 2.19. Requesting an Internal Address on a Remote Network
  • 2.20. Requesting the Peer's Version
  • 2.21. Error Handling (错误处理)
    • 2.21.1. Error Handling in IKE_SA_INIT
    • 2.21.2. Error Handling in IKE_AUTH
    • 2.21.3. Error Handling after IKE SA is Authenticated
    • 2.21.4. Error Handling Outside IKE SA
  • 2.22. IPComp
  • 2.23. NAT Traversal
    • 2.23.1. Transport Mode NAT Traversal
  • 2.24. Explicit Congestion Notification (ECN)
  • 2.25. Exchange Collisions
    • 2.25.1. Collisions while Rekeying or Closing Child SAs
    • 2.25.2. Collisions while Rekeying or Closing IKE SAs
• 3. Header and Payload Formats (头部和负载格式)
  • 3.1. The IKE Header
  • 3.2. Generic Payload Header
  • 3.3. Security Association Payload
    • 3.3.1. Proposal Substructure
    • 3.3.2. Transform Substructure
    • 3.3.3. Valid Transform Types by Protocol
    • 3.3.4. Mandatory Transform IDs
    • 3.3.5. Transform Attributes
    • 3.3.6. Attribute Negotiation
  • 3.4. Key Exchange Payload
  • 3.5. Identification Payloads
  • 3.6. Certificate Payload
  • 3.7. Certificate Request Payload
  • 3.8. Authentication Payload
  • 3.9. Nonce Payload
  • 3.10. Notify Payload
    • 3.10.1. Notify Message Types
  • 3.11. Delete Payload
  • 3.12. Vendor ID Payload
  • 3.13. Traffic Selector Payload
    • 3.13.1. Traffic Selector
  • 3.14. Encrypted Payload
  • 3.15. Configuration Payload
    • 3.15.1. Configuration Attributes
    • 3.15.2. Meaning of INTERNAL_IP4_SUBNET and INTERNAL_IP6_SUBNET
    • 3.15.3. Configuration Payloads for IPv6
    • 3.15.4. Address Assignment Failures
  • 3.16. Extensible Authentication Protocol (EAP) Payload
• 4. Conformance Requirements (一致性要求)
• 5. Security Considerations (安全考虑)
  • 5.1. Traffic Selector Authorization
• 6. IANA Considerations
• 7. References (参考文献)
  • 7.1. Normative References (规范性参考文献)
  • 7.2. Informative References (信息性参考文献)
• Appendix A. Summary of Changes from IKEv1
• Appendix B. Diffie-Hellman Groups
  • B.1. Group 1 - 768-bit MODP
  • B.2. Group 2 - 1024-bit MODP
• Appendix C. Exchanges and Payloads
  • C.1. IKE_SA_INIT Exchange
  • C.2. IKE_AUTH Exchange without EAP
  • C.3. IKE_AUTH Exchange with EAP
  • C.4. CREATE_CHILD_SA Exchange for Creating or Rekeying Child SAs
  • C.5. CREATE_CHILD_SA Exchange for Rekeying the IKE SA
  • C.6. INFORMATIONAL Exchange

作者

• C. Kaufman, Microsoft
• P. Hoffman, VPN Consortium
• Y. Nir, Check Point
• P. Eronen, Independent
• T. Kivinen, INSIDE Secure

发布日期: October 2014