Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX IPSec version A.02.00 Administrator's Guide: HP-UX 11i version 1 and HP-UX 11i version 2 > Appendix A Product Specifications

IPSec RFCs
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

The HP-UX IPSec product conforms to the Internet Engineering Task Force (IETF) RFCs listed below:

Table A-1 Supported IPSec RFCs

RFC NumberRFC Title
RFC 2401Security Architecture for the Internet Protocol
RFC 2402IP Authentication Header
RFC 2403The Use of HMAC-MD5-96 within ESP and AH
RFC 2404The Use of HMAC-SHA-1-96 within ESP and AH

RFC 2405

The ESP DES-CBC Cipher Algorithm with Explicit IV
RFC 2406IP Encapsulating Security Payload (ESP)
RFC 2407The Internet IP Security Domain of Interpretation for ISAKMP
RFC 2408Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409The Internet Key Exchange (IKE)
RFC 2410The NULL Encryption Algorithm and Its Use with IPsec
RFC 2411IP Security Document Roadmap
RFC 2412

The OAKLEY Key Determination Protocol

RFC 3602

The AES-CBC Cipher Algorithm and Its Use with IPsec

RFC 3775

Mobility Support in IPv6

RFC 3776

Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents

 

RFC 3776 Mandatory Support

RFC 3776, Using IPsec to Protect Mobile IPv6 Signaling Between Mobile Nodes and Home Agents, section 4.1, Mandatory Support contains the following mandatory support specifications for securing Mobile IPv6 packets.

The following requirements apply to both home agents and mobile nodes:

  • Manual configuration of IPsec security associations MUST be supported. The configuration of the keys is expected to take place out-of-band, for instance at the time the mobile node is configured to use its home agent.

  • Automatic key management with IKE [4] MAY be supported. Only IKEv1 is discussed in this document. Other automatic key management mechanisms exist and will appear beyond IKEv1, but this document does not address the issues related to them.

  • ESP encapsulation of Binding Updates and Acknowledgements between the mobile node and home agent MUST be supported and MUST be used.

  • ESP encapsulation of the Home Test Init and Home Test messages tunneled between the mobile node and home agent MUST be supported and SHOULD be used.

  • ESP encapsulation of the ICMPv6 messages related to prefix discovery MUST be supported and SHOULD be used.

  • ESP encapsulation of the payload packets tunneled between the mobile node and home agent MAY be supported and used.

  • If multicast group membership control protocols or stateful address autoconfiguration protocols are supported, payload data protection MUST be supported for those protocols.



Appendix A Product Specifications
  		 


Product Restrictions  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2004 Hewlett-Packard Development Company, L.P.