Internet Key Exchange Version 2 (IKEv2) Parameters

(last updated 2008-01-23)

Registries included below:
- IKEv2 Exchange Types
- IKEv2 Payload Types
- IKEv2 Transform Types
- IKEv2 Transform Attribute Types
- IKEv2 Encryption Transform IDs
- IKEv2 Pseudo-random Function Transform IDs
- IKEv2 Integrity Algorithm Transform IDs
- IKEv2 Diffie-Hellman Transform IDs
- IKEv2 Extended Sequence Numbers Transform IDs
- IKEv2 Identification Payload ID Types
- IKEv2 Certificate Encodings
- IKEv2 Authentication Method
- IKEv2 Notify Message Types
- IKEv2 Notification IPCOMP Transform IDs
- IKEv2 Security Protocol Identifiers
- IKEv2 Traffic Selector Types
- IKEv2 Configuration Payload CFG Types
- IKEv2 Configuration Payload Attribute Types


Registry Name: IKEv2 Exchange Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     Exchange Type               Reference
--------  --------------------------  ---------
0-33      Reserved                    [RFC4306]
34        IKE_SA_INIT                 [RFC4306]
35        IKE_AUTH                    [RFC4306]
36        CREATE_CHILD_SA             [RFC4306]
37        INFORMATIONAL               [RFC4306]
38-239    Unassigned                  [RFC4306]
240-255   Private use                 [RFC4306]


Registry Name: IKEv2 Payload Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     Next Payload Type                Notation   Reference
--------  -------------------------------  ---------  ---------
0         No Next Payload                             [RFC4306]
1-32      Reserved                                    [RFC4306]
33        Security Association             SA         [RFC4306]
34        Key Exchange                     KE         [RFC4306]
35        Identification - Initiator       IDi        [RFC4306]
36        Identification - Responder       IDr        [RFC4306]
37        Certificate                      CERT       [RFC4306]
38        Certificate Request              CERTREQ    [RFC4306]
39        Authentication                   AUTH       [RFC4306]
40        Nonce                            Ni, Nr     [RFC4306]
41        Notify                           N          [RFC4306]
42        Delete                           D          [RFC4306]
43        Vendor ID                        V          [RFC4306]
44        Traffic Selector - Initiator     TSi        [RFC4306]
45        Traffic Selector - Responder     TSr        [RFC4306]
46        Encrypted                        E          [RFC4306]
47        Configuration                    CP         [RFC4306]
48        Extensible Authentication        EAP        [RFC4306]
49-127    Unassigned                                  [RFC4306]
128-255   Private use                                 [RFC4306]


Registry Name: Transform Type Values
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Transform Type  Description                      Used In                      Reference
--------------  -------------------------------  ---------------------------  ---------
0               Reserved                                                      [RFC4306]
1               Encryption Algorithm (ENCR)      (IKE and ESP)                [RFC4306]
2               Pseudo-random Function (PRF)     (IKE)                        [RFC4306]
3               Integrity Algorithm (INTEG)      (IKE, AH, optional in ESP)   [RFC4306]
4               Diffie-Hellman Group (D-H)       (IKE, optional in AH & ESP)  [RFC4306]
5               Extended Sequence Numbers (ESN)  (Optional in AH and ESP)     [RFC4306]
6-240           Unassigned                                                    [RFC4306]
241-255         Private use                                                   [RFC4306]


Registry Name: IKEv2 Transform Attribute Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value        Attribute Type                Format  Reference
-----------  ----------------------------  ------  ---------
0-13         Reserved                              [RFC4306]
14           Key Length (in bits)          TV      [RFC4306]
15-17        Reserved                              [RFC4306]
18-16383     Unassigned                            [RFC4306]
16384-32767  Private use                           [RFC4306]


Registry Name: Transform Type 1 - Encryption Algorithm Transform IDs
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Number        Name                                Reference
------------  ----------------------------------  ---------
0             Reserved                            [RFC4306]
1             ENCR_DES_IV64                       [RFC1827]
2             ENCR_DES                            [RFC2405]
3             ENCR_3DES                           [RFC2451]
4             ENCR_RC5                            [RFC2451]
5             ENCR_IDEA                           [RFC2451]
6             ENCR_CAST                           [RFC2451]
7             ENCR_BLOWFISH                       [RFC2451]
8             ENCR_3IDEA                          [RFC2451]
9             ENCR_DES_IV32                       [RFC4306]
10            Reserved                            [RFC4306]
11            ENCR_NULL                           [RFC2410]
12            ENCR_AES_CBC                        [RFC3602]
13            ENCR_AES_CTR                        [RFC3686]
14            ENCR_AES-CCM_8                      [RFC4309]
15            ENCR-AES-CCM_12                     [RFC4309]
16            ENCR-AES-CCM_16                     [RFC4309]
17            Unassigned
18            AES-GCM with a 8 octet ICV          [RFC4106]
19            AES-GCM with a 12 octet ICV         [RFC4106]
20            AES-GCM with a 16 octet ICV         [RFC4106]
21            ENCR_NULL_AUTH_AES_GMAC             [RFC4543]
22            Reserved for IEEE P1619 XTS-AES     [Ball]
23-1023       Unassigned                          [RFC4306]
1024-65535    Private use                         [RFC4306]


Registry Name: Transform Type 2 - Pseudo-random Function Transform IDs
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Number        Name                                Reference
------------  ----------------------------------  ---------
0             Reserved                            [RFC4306]
1             PRF_HMAC_MD5                        [RFC2104]
2             PRF_HMAC_SHA1                       [RFC2104]
3             PRF_HMAC_TIGER                      [RFC2104]
4             PRF_AES128_CBC                      [RFC4434]
5             PRF_HMAC_SHA2_256                   [RFC4868]
6             PRF_HMAC_SHA2_384                   [RFC4868]
7             PRF_HMAC_SHA2_512                   [RFC4868]
8             PRF_AES128_CMAC                     [RFC4615]
9-1023        Unassigned                          [RFC4306]
1024-65535    Private use                         [RFC4306]


Registry Name: Transform Type 3 - Integrity Algorithm Transform IDs
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Number        Name                                Reference
------------  ----------------------------------  ---------
0             NONE                                [RFC4306]
1             AUTH_HMAC_MD5_96                    [RFC2403]
2             AUTH_HMAC_SHA1_96                   [RFC2404]
3             AUTH_DES_MAC                        [RFC4306]
4             AUTH_KPDK_MD5                       [RFC1826]
5             AUTH_AES_XCBC_96                    [RFC3566]
6             AUTH_HMAC_MD5_128                   [RFC4595]
7             AUTH_HMAC_SHA1_160                  [RFC4595]
8             AUTH_AES_CMAC_96                    [RFC4494]
9             AUTH_AES_128_GMAC                   [RFC4543]
10            AUTH_AES_192_GMAC                   [RFC4543]
11            AUTH_AES_256_GMAC                   [RFC4543]
12            AUTH_HMAC_SHA2_256_128              [RFC4868]
13            AUTH_HMAC_SHA2_384_192              [RFC4868]
14            AUTH_HMAC_SHA2_512_256              [RFC4868]
15-1023       Unassigned                          [RFC4306]
1024-65535    Private use                         [RFC4306]


Registry Name: Transform Type 4 - Diffie-Hellman Group Transform IDs
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Number        Name                                Reference
------------  ----------------------------------  ---------
0             NONE                                [RFC4306]
1-2           Defined in Appendix B               [RFC4306]
3-4           Reserved                            [RFC4306]
5             Defined in [RFC3526]                [RFC3526]
6-13          Unassigned                          [RFC4306]
14-18         Defined in [RFC3526]                [RFC3526]
19            256-bit random ECP group            [RFC4753]
20            384-bit random ECP group            [RFC4753]
21            521-bit random ECP group            [RFC4753]
22            1024-bit MODP Group with 160-bit    [RFC5114]
              Prime Order Subgroup
23            2048-bit MODP Group with 224-bit    [RFC5114]
              Prime Order Subgroup
24            2048-bit MODP Group with 256-bit    [RFC5114]
              Prime Order Subgroup
25            192-bit Random ECP Group            [RFC5114]
26            224-bit Random ECP Group            [RFC5114]
27-1023       Unassigned                          [RFC4306]
1024-65535    Private use                         [RFC4306]


Registry Name: Transform Type 5 - Extended Sequence Numbers Transform IDs
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Number    Name                                Reference
--------  ----------------------------------  ---------
0         No Extended Sequence Numbers        [RFC4306]
1         Extended Sequence Numbers           [RFC4306]
2-65535   Reserved                            [RFC4306]


Registry Name: IKEv2 Identification Payload ID Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     ID Type                                Reference
--------  -------------------------------------  ---------
0         Reserved                               [RFC4306]
1         ID_IPV4_ADDR                           [RFC4306]
2         ID_FQDN                                [RFC4306]
3         ID_RFC822_ADDR                         [RFC4306]
4         Unassigned                             [RFC4306]
5         ID_IPV6_ADDR                           [RFC4306]
6-8       Unassigned                             [RFC4306]
9         ID_DER_ASN1_DN                         [RFC4306]
10        ID_DER_ASN1_GN                         [RFC4306]
11        ID_KEY_ID                              [RFC4306]
12        ID_FC_NAME                             [RFC4595]
13-200    Unassigned                             [RFC4306]
201-255   Private use                            [RFC4306]


Registry Name: IKEv2 Certificate Encodings
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     Certificate Encoding                 Reference
--------  -----------------------------------  ---------
0         Reserved                             [RFC4306]
1         PKCS #7 wrapped X.509 certificate    [RFC4306]
2         PGP Certificate                      [RFC4306]
3         DNS Signed Key                       [RFC4306]
4         X.509 Certificate - Signature        [RFC4306]
5         Reserved                             [RFC4306]
6         Kerberos Token                       [RFC4306]
7         Certificate Revocation List (CRL)    [RFC4306]
8         Authority Revocation List (ARL)      [RFC4306]
9         SPKI Certificate                     [RFC4306]
10        X.509 Certificate - Attribute        [RFC4306]
11        Raw RSA Key                          [RFC4306]
12        Hash and URL of X.509 certificate    [RFC4306]
13        Hash and URL of X.509 bundle         [RFC4306]
14        OCSP Content                         [RFC4806]
15-200    Unassigned                           [RFC4306]
201-255   Private use                          [RFC4306]


Registry Name: IKEv2 Authentication Method
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     Authentication Method                       Reference
--------  ------------------------------------------  ---------
0         Reserved                                    [RFC4306]
1         RSA Digital Signature                       [RFC4306]
2         Shared Key Message Integrity Code           [RFC4306]
3         DSS Digital Signature                       [RFC4306]
4-8       Unassigned                                  [RFC4306]
9         ECDSA with SHA-256 on the P-256 curve       [RFC4754]
10        ECDSA with SHA-384 on the P-384 curve       [RFC4754]
11        ECDSA with SHA-512 on the P-521 curve       [RFC4754]
12-200    Unassigned                                  [RFC4306]
201-255   Private use                                 [RFC4306]


Registry Name: IKEv2 Notify Message Types - Error Types
Reference: [RFC4306]

Range        Registration Procedures        Notes
-----------  -----------------------------  -----
0-8191       Expert Review
8192-16383   Private use

Registry:
Value         NOTIFY MESSAGES - ERROR TYPES     Reference
------------  --------------------------------  ---------
0             Reserved                          [RFC4306]
1             UNSUPPORTED_CRITICAL_PAYLOAD      [RFC4306]
2-3           Reserved                          [RFC4306]
4             INVALID_IKE_SPI                   [RFC4306]
5             INVALID_MAJOR_VERSION             [RFC4306]
6             Reserved                          [RFC4306]
7             INVALID_SYNTAX                    [RFC4306]
8             Reserved                          [RFC4306]
9             INVALID_MESSAGE_ID                [RFC4306]
10            Reserved                          [RFC4306]
11            INVALID_SPI                       [RFC4306]
12-13         Reserved                          [RFC4306]
14            NO_PROPOSAL_CHOSEN                [RFC4306]
15-16         Reserved                          [RFC4306]
17            INVALID_KE_PAYLOAD                [RFC4306]
18-23         Reserved                          [RFC4306]
24            AUTHENTICATION_FAILED             [RFC4306]
25-33         RESERVED                          [RFC4306]
34            SINGLE_PAIR_REQUIRED              [RFC4306]
35            NO_ADDITIONAL_SAS                 [RFC4306]
36            INTERNAL_ADDRESS_FAILURE          [RFC4306]
37            FAILED_CP_REQUIRED                [RFC4306]
38            TS_UNACCEPTABLE                   [RFC4306]
39            INVALID_SELECTORS                 [RFC4306]
40            UNACCEPTABLE_ADDRESSES            [RFC4555]
41            UNEXPECTED_NAT_DETECTED           [RFC4555]
42            USE_ASSIGNED_HoA                  [RFC5026]
43-8191       Unassigned                        [RFC4306]
8192-16383    Private use                       [RFC4306]


Registry Name: IKEv2 Notify Message Types - Status Types
Reference: [RFC4306]

Range        Registration Procedures        Notes
-----------  -----------------------------  -----
16384-40959  Expert Review
40960-65535  Private use

Registry:
Value         NOTIFY MESSAGES - STATUS TYPES    Reference
------------  --------------------------------  ---------
16384         INITIAL_CONTACT                   [RFC4306]
16385         SET_WINDOW_SIZE                   [RFC4306]
16386         ADDITIONAL_TS_POSSIBLE            [RFC4306]
16387         IPCOMP_SUPPORTED                  [RFC4306]
16388         NAT_DETECTION_SOURCE_IP           [RFC4306]
16389         NAT_DETECTION_DESTINATION_IP      [RFC4306]
16390         COOKIE                            [RFC4306]
16391         USE_TRANSPORT_MODE                [RFC4306]
16392         HTTP_CERT_LOOKUP_SUPPORTED        [RFC4306]
16393         REKEY_SA                          [RFC4306]
16394         ESP_TFC_PADDING_NOT_SUPPORTED     [RFC4306]
16395         NON_FIRST_FRAGMENTS_ALSO          [RFC4306]
16396         MOBIKE_SUPPORTED                  [RFC4555]
16397         ADDITIONAL_IP4_ADDRESS            [RFC4555]
16398         ADDITIONAL_IP6_ADDRESS            [RFC4555]
16399         NO_ADDITIONAL_ADDRESSES           [RFC4555]
16400         UPDATE_SA_ADDRESSES               [RFC4555]
16401         COOKIE2                           [RFC4555]
16402         NO_NATS_ALLOWED                   [RFC4555]
16403         AUTH_LIFETIME                     [RFC4478]
16404         MULTIPLE_AUTH_SUPPORTED           [RFC4739]
16405         ANOTHER_AUTH_FOLLOWS              [RFC4739]
16406-40959   Unassigned                        [RFC4306]
40960-65535   Private use                       [RFC4306]


Sub-registry: IKEv2 Notification IPCOMP Transform IDs (Value 16387)
Reference: [RFC4306]
Registration Procedures:

Registry:
Value     Compression Type        Reference
--------  ----------------------  ---------
0         Reserved                [RFC4306]
1         IPCOMP_OUI              [RFC4306]
2         IPCOMP_DEFLATE          [RFC2394]
3         IPCOMP_LZS              [RFC2395]
4         IPCOMP_LZJH             [RFC3051]
5-240     Unassigned              [RFC4306]
241-255   Private use             [RFC4306]


Registry Name: IKEv2 Security Protocol Identifiers
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Protocol ID  Protocol                Reference
-----------  ----------------------  ---------
0            Reserved                [RFC4306]
1            IKE                     [RFC4306]
2            AH                      [RFC4306]
3            ESP                     [RFC4306]
4            FC_ESP_HEADER           [RFC4595]
5            FC_CT_AUTHENTICATION    [RFC4595]
6-200        Unassigned              [RFC4306]
201-255      Private use             [RFC4306]


Registry Name: IKEv2 Traffic Selector Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     TS Type                     Reference
--------  --------------------------  ---------
0-6       Reserved                    [RFC4306]
7         TS_IPV4_ADDR_RANGE          [RFC4306]
8         TS_IPV6_ADDR_RANGE          [RFC4306]
9         TS_FC_ADDR_RANGE            [RFC4595]
10-240    Unassigned                  [RFC4306]
241-255   Private use                 [RFC4306]


Registry Name: IKEv2 Configuration Payload CFG Types
Reference: [RFC4306]
Registration Procedures: Expert Review

Registry:
Value     CFG Type             Reference
--------  -------------------  ---------
0         Reserved             [RFC4306]
1         CFG_REQUEST          [RFC4306]
2         CFG_REPLY            [RFC4306]
3         CFG_SET              [RFC4306]
4         CFG_ACK              [RFC4306]
5-127     Unassigned           [RFC4306]
128-255   Private use          [RFC4306]


Registry Name: IKEv2 Configuration Payload Attribute Types
Reference: [RFC4306]
Registration Procedures: Expert Review
Note: Attribute Types with an "*" may be multi-valued on return only if
multiple values were requested.

Registry:
Value        Attribute Type              Multi-Valued  Length           Reference
-----------  --------------------------  ------------  ---------------  ---------
0            Reserved                                                   [RFC4306]
1            INTERNAL_IP4_ADDRESS        YES*          0 or 4 octets    [RFC4306]
2            INTERNAL_IP4_NETMASK        NO            0 or 4 octets    [RFC4306]
3            INTERNAL_IP4_DNS            YES           0 or 4 octets    [RFC4306]
4            INTERNAL_IP4_NBNS           YES           0 or 4 octets    [RFC4306]
5            INTERNAL_ADDRESS_EXPIRY     NO            0 or 4 octets    [RFC4306]
6            INTERNAL_IP4_DHCP           YES           0 or 4 octets    [RFC4306]
7            APPLICATION_VERSION         NO            0 or more        [RFC4306]
8            INTERNAL_IP6_ADDRESS        YES*          0 or 17 octets   [RFC4306]
9            Reserved                                                   [RFC4306]
10           INTERNAL_IP6_DNS            YES           0 or 16 octets   [RFC4306]
11           INTERNAL_IP6_NBNS           YES           0 or 16 octets   [RFC4306]
12           INTERNAL_IP6_DHCP           YES           0 or 16 octets   [RFC4306]
13           INTERNAL_IP4_SUBNET         YES           0 or 8 octets    [RFC4306]
14           SUPPORTED_ATTRIBUTES        NO            Multiple of 2    [RFC4306]
15           INTERNAL_IP6_SUBNET         YES           17 octets        [RFC4306]
16           MIP6_HOME_PREFIX            YES           0 or 21 octets   [RFC5026]
17-16383     Unassigned                                                 [RFC4306]
16384-32767  Private Use                                                [RFC4306]


References
----------
[RFC1826]  R. Atkinson, "IP Authentication Header", RFC 1826, August 1995.

[RFC1827]  R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 1827,
           August 1995.

[RFC2104]  H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for
           Message Authentication", RFC 2104, February 1997.

[RFC2394]  R. Pereira, "IP Payload Compression Using DEFLATE", RFC 2394,
           December 1998.

[RFC2395]  R. Friend and R. Monsour, "IP Payload Compression Using LZS",
           RFC 2395, December 1998.

[RFC2403]  C. Madson and R. Glenn, "The Use of HMAC-MD5-96 within ESP and AH",
           RFC 2403, November 1998.

[RFC2404]  C. Madson and R. Glenn, "The Use of HMAC-SHA-1-96 within ESP and
           AH", RFC 2404, November 1998.

[RFC2405]  C. Madson and N. Doraswamy, "The ESP DES-CBC Cipher Algorithm With
           Explicit IV", RFC 2405, November 1998.

[RFC2410]  R. Glenn and S. Kent, "The NULL Encryption Algorithm and Its Use
           With IPsec", November 1998.

[RFC2451]  K. Poduri and K. Nichols, "Simulation Studies of Increased Initial
           TCP Window Size", RFC 2451, September 1998.

[RFC3051]  J. Heath and J. Border, "IP Payload Compression Using ITU-T V.44
           Packet Method", RFC 3051, January 2001.

[RFC3526]  T. Kivinen and M. Kojo, "More Modular Exponential (MODP)
           Diffie-Hellman groups for Internet Key Exchange (IKE)", RFC 3526,
           May 2003.

[RFC3566]  S. Frankel and H. Herbert, "The AES-XCBC-MAC-96 Algorithm and Its
           Use With IPsec", RFC 3566, September 2003.

[RFC3602]  S. Frankel, R. Glenn, and S. Kelly, "The AES-CBC Cipher Algorithm
           and Its Use with IPsec", RFC 3602, September 2003.

[RFC3686]  R. Housley, "Using Advanced Encryption Standard (AES) Counter Mode
           With IPsec Encapsulating Security Payload (ESP)", RFC 3686,
           January 2004.

[RFC4106]  J. Viega and D. McGrew, "The Use of Galois/Counter Mode (GCM) in
           IPsec ESP", RFC 4106, June 2005.

[RFC4306]  C. Kaufman, Ed., "Internet Key Exchange (IKEv2) Protocol",
           RFC 4306, December 2005.

[RFC4309]  R. Housley, "Using AES CCM Mode With IPsec E", RFC 4309,
           December 2005.

[RFC4434]  P. Hoffman, "The AES-XCBC-PRF-128 Algorithm for the Internet Key
           Exchange Protocol (IKE)", RFC 4434, February 2006.

[RFC4478]  Y. Nir, "Repeated Authentication in IKEv2", RFC 4478, April 2006.

[RFC4494]  J. Song, R. Poovendran and J. Lee, "The AES-CMAC-96 Algorithm and
           its use with IPsec", RFC 4494, June 2006.

[RFC4543]  D. McGrew and J. Viega, "The Use of Galois Message Authentication
           Code (GMAC) in IPsec ESP and AH", RFC 4543, May 2006.

[RFC4555]  P. Eronen, "IKEv2 Mobility and Multihoming Protocol (MOBIKE)",
           RFC 4555, June 2006.

[RFC4595]  F. Maino and D. Black, "Use of IKEv2 in The Fibre Channel Security
           Association Management Protocol", RFC 4595, July 2006.

[RFC4615]  J. Song, R. Poovendran, J. Lee and T. Iwata, "The AES-CMAC-PRF-128
           Algorithm for the Internet Key Exchange Protocol (IKE)", RFC 4615,
           August 2006.

[RFC4739]  P. Eronen, J. Korhonen, "Multiple Authentication Exchanges in
           IKEv2", RFC 4739, November 2006.

[RFC4753]  D. Fu, J. Solinas, "ECP Groups For IKE and IKEv2", RFC 4753,
           January 2007.

[RFC4754]  D. Fu, J. Solinas, "IKE and IKEv2 Authentication Using ECDSA",
           RFC 4754, January 2007.

[RFC4806]  M. Myers, H. Tschofenig, "OCSP Extensions to IKEv2", RFC 4806,
           February 2007.

[RFC4868]  S. Kelly, S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, and
           HMAC-SHA-512 With IPsec", RFC 4868, May 2007.

[RFC5026]  G. Giaretta, Ed., J. Kempf and V. Devarapalli, Ed., "Mobile IPv6
           bootstrapping in split scenario", RFC 5026, October 2007.

[RFC5114]  M. Lepinski, S. Kent, "Additional Diffie-Hellman Groups for use
           with IETF Standards", RFC 5114, January 2008.


People
------
[Ball]  Matt Ball, 2007-10-11.

(registry created 2005-01-18)