<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML>
<HEAD>
<TITLE>Introduction to FreeS/WAN</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=iso-8859-1">
<STYLE TYPE="text/css"><!--
BODY { font-family: serif }
H1 { font-family: sans-serif }
H2 { font-family: sans-serif }
H3 { font-family: sans-serif }
H4 { font-family: sans-serif }
H5 { font-family: sans-serif }
H6 { font-family: sans-serif }
SUB { font-size: smaller }
SUP { font-size: smaller }
PRE { font-family: monospace }
--></STYLE>
</HEAD>
<BODY>
<A HREF="toc.html">Contents</A>
<A HREF="biblio.html">Previous</A>
<A HREF="roadmap.html">Next</A>
<HR>
<H1><A name="RFC">IPsec RFCs and related documents</A></H1>
<H2><A name="RFCfile">The RFCs.tar.gz Distribution File</A></H2>
<P>The Linux FreeS/WAN distribution is available from <A href="http://www.xs4all.nl/~freeswan">our primary distribution site</A> and various mirror sites. To give
people more control over their downloads, the RFCs that define IP
security are bundled separately in the file RFCs.tar.gz.</P>
<P>The file you are reading is included in the main distribution and is
available on the web site. It describes the RFCs included in the <A href="#RFCs.tar.gz">RFCs.tar.gz</A> bundle and gives some pointers to <A href="#sources">other ways to get them</A>.</P>
<H2><A name="sources">Other sources for RFCs &amp; Internet drafts</A></H2>
<H3><A name="RFCdown">RFCs</A></H3>
<P>RFCs are downloadable at many places around the net such as:</P>
<UL>
<LI><A href="http://www.rfc-editor.org">http://www.rfc-editor.org</A></LI>
<LI><A href="http://nis.nsf.net/internet/documents/rfc">NSF.net</A></LI>
<LI><A href="http://sunsite.doc.ic.ac.uk/computing/internet/rfc">Sunsite in the UK</A></LI>
</UL>
<P>browsable in HTML form at others such as:</P>
<UL>
<LI><A href="http://www.landfield.com/rfcs/index.html">landfield.com</A></LI>
<LI><A href="http://www.library.ucg.ie/Connected/RFC">Connected Internet Encyclopedia</A></LI>
</UL>
<P>and some of them are available in translation:</P>
<UL>
<LI><A href="http://www.eisti.fr/eistiweb/docs/normes/">French</A></LI>
</UL>
<P>There is also a published <A href="biblio.html#RFCs">Big Book of IPSEC RFCs</A>.</P>
<H3><A name="drafts">Internet Drafts</A></H3>
<P>Internet Drafts, working documents which sometimes evolve into RFCs,
are also available.</P>
<UL>
<LI><A href="http://www.ietf.org/ID.html">Overall reference page</A></LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsec.html">IPsec</A> working group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsra.html">IPSRA (IPsec Remote Access)</A> working group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/ipsp.html">IPsec Policy</A> working group</LI>
<LI><A href="http://www.ietf.org/ids.by.wg/kink.html">KINK (Kerberized Internet Negotiation of Keys)</A> working group</LI>
</UL>
<P>Note: some of these may be obsolete, replaced by later drafts or by
RFCs.</P>
<H3><A name="FIPS1">FIPS standards</A></H3>
<P>Some things used by <A href="glossary.html#IPSEC">IPsec</A>, such as <A href="glossary.html#DES">DES</A> and <A href="glossary.html#SHA">SHA</A>, are defined by US government standards called <A href="glossary.html#FIPS">FIPS</A>. The issuing organisation, <A href="glossary.html#NIST">NIST</A>, have a <A href="http://www.itl.nist.gov/div897/pubs">FIPS home page</A>.</P>
<H2><A name="RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></H2>
<P>All filenames are of the form rfc*.txt, with the * replaced with the
RFC number.</P>
<PRE>RFC# Title</PRE>
<H3><A name="rfc.ov">Overview RFCs</A></H3>
<PRE>2401 Security Architecture for the Internet Protocol
2411 IP Security Document Roadmap</PRE>
<H3><A name="basic.prot">Basic protocols</A></H3>
<PRE>2402 IP Authentication Header
2406 IP Encapsulating Security Payload (ESP)</PRE>
<H3><A name="key.ike">Key management</A></H3>
<PRE>2367 PF_KEY Key Management API, Version 2
2407 The Internet IP Security Domain of Interpretation for ISAKMP
2408 Internet Security Association and Key Management Protocol (ISAKMP)
2409 The Internet Key Exchange (IKE)
2412 The OAKLEY Key Determination Protocol
2528 Internet X.509 Public Key Infrastructure</PRE>
<H3><A name="rfc.detail">Details of various things used</A></H3>
<PRE>2085 HMAC-MD5 IP Authentication with Replay Prevention
2104 HMAC: Keyed-Hashing for Message Authentication
2202 Test Cases for HMAC-MD5 and HMAC-SHA-1
2207 RSVP Extensions for IPSEC Data Flows
2403 The Use of HMAC-MD5-96 within ESP and AH
2404 The Use of HMAC-SHA-1-96 within ESP and AH
2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
2410 The NULL Encryption Algorithm and Its Use With IPsec
2451 The ESP CBC-Mode Cipher Algorithms
2521 ICMP Security Failures Messages</PRE>
<H3><A name="rfc.ref">Older RFCs which may be referenced</A></H3>
<PRE>1321 The MD5 Message-Digest Algorithm
1828 IP Authentication using Keyed MD5
1829 The ESP DES-CBC Transform
1851 The ESP Triple DES Transform
1852 IP Authentication using Keyed SHA</PRE>
<H3><A name="rfc.dns">RFCs for secure DNS service, which IPsec may use</A></H3>
<PRE>2137 Secure Domain Name System Dynamic Update
2230 Key Exchange Delegation Record for the DNS
2535 Domain Name System Security Extensions
2536 DSA KEYs and SIGs in the Domain Name System (DNS)
2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
2538 Storing Certificates in the Domain Name System (DNS)
2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</PRE>
<H3><A name="rfc.exp">RFCs labelled "experimental"</A></H3>
<PRE>2521 ICMP Security Failures Messages
2522 Photuris: Session-Key Management Protocol
2523 Photuris: Extended Schemes and Attributes</PRE>
<H3><A name="rfc.rel">Related RFCs</A></H3>
<PRE>1750 Randomness Recommendations for Security
1918 Address Allocation for Private Internets
1984 IAB and IESG Statement on Cryptographic Technology and the Internet
2144 The CAST-128 Encryption Algorithm</PRE>
<HR>
<A HREF="toc.html">Contents</A>
<A HREF="biblio.html">Previous</A>
<A HREF="roadmap.html">Next</A>
</BODY>
</HTML>