Group Domain of Interpretation (GDOI) Payloads
2003-03-28
2017-12-26
In all cases, new assigned numbers and values must be added due to a
Standards Action as defined in .
GDOI ID Payload Type Values
Standards Action
When an ISAKMP identification payload is used with GDOI, the assigned
values for the Identification Type field are interpreted according to
this registry.
The GDOI ID Payload Type is an 8-bit value that is used as a
discriminator for interpretation of the variable-length Identification
Payload. The following table describes ID Payload Types.
0-10         Reserved
11           ID_KEY_ID
12           Reserved
13-127       Unassigned
128-255      Private Use
SA KEK Payload Values
SA KEK Payload Values - POP Algorithm
Standards Action
The POP algorithm is a 16-bit value that is used to describe the
encryption algorithm of the POP payload.
0            Reserved
1            POP_ALG_RSA
2            POP_ALG_DSS
3            POP_ALG_ECDSS
4-127        Unassigned
128-255      Private Use
256-32767    Unassigned
SA KEK Payload Values - KEK Attributes
Standards Action
The KEK Attribute consists of a 16-bit type and its associated value.
KEK attributes are used to pass policy from a GCKS to a group member.
0            Reserved
1            KEK_MANAGEMENT_ALGORITHM    B
2            KEK_ALGORITHM               B
3            KEK_KEY_LENGTH              B
4            KEK_KEY_LIFETIME            V
5            SIG_HASH_ALGORITHM          B
6            SIG_ALGORITHM               B
7            SIG_KEY_LENGTH              B
8            KE_OAKLEY_GROUP             B
9            KEK_ACK_REQUESTED           B
10-127       Unassigned
128-255      Private Use
256-32767    Unassigned
SA KEK Payload Values - KEK_MANAGEMENT_ALGORITHM
Standards Action
0            Reserved
1            LKH
2-127        Unassigned
128-255      Private Use
256-65535    Unassigned
SA KEK Payload Values - KEK_ALGORITHM
Standards Action
0            RESERVED
1            KEK_ALG_DES
2            KEK_ALG_3DES
3            KEK_ALG_AES
4-127        Unassigned
128-255      Private Use
256-65535    Unassigned
SA KEK Payload Values - KEK_KEY_LENGTH
Standards Action
The KEK_KEY_LENGTH class specifies the KEK Algorithm key
length (in bits).
SA KEK Payload Values - KEK_KEY_LIFETIME
Standards Action
SA KEK Payload Values - SIG_HASH_ALGORITHM
Standards Action
0            Reserved
1            SIG_HASH_MD5
2            SIG_HASH_SHA1
3            SIG_HASH_SHA256
4            SIG_HASH_SHA384
5            SIG_HASH_SHA512
6-127        Unassigned
128-255      Private Use
256-65535    Unassigned
SA KEK Payload Values - SIG_ALGORITHM
Standards Action
0            Reserved
1            SIG_ALG_RSA
2            SIG_ALG_DSS
3            SIG_ALG_ECDSS
4            SIG_ALG_ECDSA-256
5            SIG_ALG_ECDSA-384
6            SIG_ALG_ECDSA-521
7-127        Unassigned
128-255      Private Use
256-65535    Unassigned
SA KEK Payload Values - SIG_KEY_LENGTH
Standards Action
The SIG_KEY_LENGTH class specifies the length of the SIG payload key.
SA KEK Payload Values - KE_OAKLEY_GROUP
Standards Action
SA KEK Payload Values - KEK_ACK_REQUESTED
Specification Required
Brian Weis
0            Reserved
1            REKEY_ACK_KEK_SHA256
2            REKEY_ACK_LKH_SHA256
3            REKEY_ACK_KEK_SHA512
4            REKEY_ACK_LKH_SHA512
5-128        Unassigned
129-255      Private Use
SA TEK Payload Values
SA TEK Payload Values - Protocol-ID
Standards Action
The SA_TEK protocol-ID is an 8-bit value that is used to describe the
type of TEK that is included in the SA_TEK payload. The following table
defines values for the Security Protocol.
0            RESERVED
1            GDOI_PROTO_IPSEC_ESP
2            GDOI_PROTO_IPSEC_AH
3            GDOI_PROTO_IEC_61850
4-127        Unassigned
128-255      Private Use
Key Download Type Values
Standards Action
The Key Download Type is an 8-bit value that is used as a discriminator
for interpretation of the variable-length Key Packet.
0            Reserved
1            TEK
2            KEK
3            LKH
4            SID
5-127        Unassigned
128-255      Private Use
TEK Download Type
Standards Action
0            RESERVED
1            TEK_ALGORITHM_KEY           V
2            TEK_INTEGRITY_KEY           V
3            TEK_SOURCE_AUTH_KEY         V
4-127        Unassigned
128-255      Private Use
256-32767    Unassigned
KEK Download Type
Standards Action
The following attributes may be present in a KEK Download Type. In the
table, attributes that are defined as TV are marked as Basic (B);
attributes which are defined as TLV are marked as Variable (V).
0            RESERVED
1            KEK_ALGORITHM_KEY           V
2            SIG_ALGORITHM_KEY           V
3-127        Unassigned
128-255      Private Use
256-32767    Unassigned
LKH Download Type
Standards Action
0            Reserved
1            LKH_DOWNLOAD_ARRAY          V
2            LKH_UPDATE_ARRAY            V
3            SIG_ALGORITHM_KEY           V
4-127        Unassigned
128-255      Private Use
256-32767    Unassigned
SID Download Type
Standards Action
0            RESERVED
1            NUMBER_OF_SID_BITS          B
2            SID_VALUE                   V
3-128        Unassigned
129-255      Private Use
256-32767    Unassigned
GAP Payload Policy Attributes
Standards Action
0            RESERVED
1            ACTIVATION_TIME_DELAY       B
2            DEACTIVATION_TIME_DELAY     B
3            SENDER_ID_REQUEST           B
4-127        Unassigned
128-255      Private Use
256-32767    Unassigned
IEC 62351-9 Authentication Values
Expert Review
Brian Weis, Tero Kivinen
0            Reserved
1            NONE
2            HMAC-SHA256-128
3            HMAC-SHA256
4            AES-GMAC-128
5            AES-GMAC-256
6-61439      Unassigned
61440-65535  Reserved for Private Use
IEC 62351-9 Confidentiality Values
Expert Review
Brian Weis, Tero Kivinen
0            Reserved
1            NONE
2            AES-CBC-128                 N
3            AES-CBC-256                 N
4            AES-GCM-128                 Y
5            AES-GCM-256                 Y
6-61439      Unassigned
61440-65535  Reserved for Private Use
GDOI SA TEK Attributes
Expert Review
Brian Weis, Tero Kivinen
0            Reserved
1            SA_ATD                      V
2            SA_KDA                      B
3-28671      Unassigned
28672-32767  Reserved for Private Use
ID Types
Expert Review
Brian Weis, Tero Kivinen
0            Reserved
1            ID_IPV4_ADDR
2            ID_FQDN
3            ID_USER_FQDN
4            ID_IPV4_ADDR_SUBNET
5            ID_IPV6_ADDR
6            ID_IPV6_ADDR_SUBNET
7            ID_IPV4_ADDR_RANGE
8            ID_IPV6_ADDR_RANGE
9            ID_DER_ASN1_DN
10           ID_DER_ASN1_GN
11           ID_KEY_ID
12           ID_LIST
13           ID_OID
14-61439     Unassigned
61440-65535  Reserved for Private Use
GDOI DOI Exchange Types
Specification Required
Brian Weis
32           GROUPKEY-PULL
33           GROUPKEY-PUSH
34           Known Unregistered Use
35           GROUPKEY-PUSH-ACK
36-239       Unassigned