The Linux FreeS/WAN distribution is available from:
our primary distribution site and various mirror sites. To give people more control over their downloads, the RFCs that define IP security are bundled separately in the file RFCs.tar.gz.The file you are reading is included in the main distribution and is available on the web site. It describes the RFCs included in the RFCs.tar.gz bundle and gives some pointers to other ways to get them.
RFCs are downloadble at many places around the net such as:
browsable in HTML form at others such as:
and some of them are available in translation:
There is also a published Big Book of IPSEC RFCs.
Internet Drafts, working documents which sometimes evolve into RFCs, are also available.
Note: some of these may be obsolete, replaced by later drafts or by RFCs.
Some things used by IPSEC, such as DES and SHA, are defined by US government standards called FIPS. The issuing organisation, NIST , have a FIPS home page .
At least one vendor sells CD-ROMs of RFCs and Internet Drafts:
Note: The 2401-2412 group of IPSEC RFCs were issued in late November 1998, and the 2535-2539 group on Secure DNS in March 1999, so an older CD may not be particularly useful if these areas are your main concern.
All filenames are of the form rfc*.txt, with the * replaced with the RFC number.
RFC# Title
2401 Security Architecture for the Internet Protocol 2411 IP Security Document Roadmap
2402 IP Authentication Header 2406 IP Encapsulating Security Payload (ESP)
2367 PF_KEY Key Management API, Version 2 2407 The Internet IP Security Domain of Interpretation for ISAKMP 2408 Internet Security Association and Key Management Protocol (ISAKMP) 2409 The Internet Key Exchange (IKE) 2412 The OAKLEY Key Determination Protocol 2528 Internet X.509 Public Key Infrastructure
2085 HMAC-MD5 IP Authentication with Replay Prevention 2104 HMAC: Keyed-Hashing for Message Authentication 2202 Test Cases for HMAC-MD5 and HMAC-SHA-1 2207 RSVP Extensions for IPSEC Data Flows 2403 The Use of HMAC-MD5-96 within ESP and AH 2404 The Use of HMAC-SHA-1-96 within ESP and AH 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV 2410 The NULL Encryption Algorithm and Its Use With IPsec 2451 The ESP CBC-Mode Cipher Algorithms 2521 ICMP Security Failures Messages
1321 The MD5 Message-Digest Algorithm 1828 IP Authentication using Keyed MD5 1829 The ESP DES-CBC Transform 1851 The ESP Triple DES Transform 1852 IP Authentication using Keyed SHA
2137 Secure Domain Name System Dynamic Update 2230 Key Exchange Delegation Record for the DNS 2535 Domain Name System Security Extensions 2536 DSA KEYs and SIGs in the Domain Name System (DNS) 2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS) 2538 Storing Certificates in the Domain Name System (DNS) 2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
2521 ICMP Security Failures Messages 2522 Photuris: Session-Key Management Protocol 2523 Photuris: Extended Schemes and Attributes
1750 Randomness Recommendations for Security 1918 Address Allocation for Private Internets 1984 IAB and IESG Statement on Cryptographic Technology and the Internet 2144 The CAST-128 Encryption Algorithm