Group Secure Association Group Management Protocol (GSAKMP) Parameters
2005-07-27
2018-09-12
GSAKMP Group Identification Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| Reserved | 0 | |
| UTF-8 | 1 | Format defined in Section 7.1.1.1.1 of . |
| Octet String | 2 | This type MUST be implemented. Format defined in Section 7.1.1.1.2 of . |
| IPv4 | 3 | Format defined in Section 7.1.1.1.3 of . |
| IPv6 | 4 | Format defined in Section 7.1.1.1.4 of . |
| Reserved to IANA | 5-192 | |
| Private Use | 193-255 | |

GSAKMP Payload Types
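Registration Procedure: Standards Action

| Type | Value |
|---|---|
| None | 0 |
| Policy Token | 1 |
| Key Download Packet | 2 |
| Rekey event | 3 |
| Identification | 4 |
| Reserved | 5 |
| Certificate | 6 |
| Reserved | 7 |
| Signature | 8 |
| Notification | 9 |
| Vendor ID | 10 |
| Key Creation | 11 |
| Nonce | 12 |
| Reserved to IANA | 13-192 |
| Private Use | 193-255 |
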
GSAKMP Exchange Types
Registration Procedure: Standards Action

| Type | Value |
|---|---|
| Reserved | 0-3 |
| Key Download Ack/Failure | 4 |
| Rekey Event | 5 |
| Reserved | 6-7 |
| Request to Join | 8 |
| Key Download | 9 |
| Cookie Download | 10 |
| Request to Join Error | 11 |
| Lack of Ack | 12 |
| Request to Depart | 13 |
| Departure Response | 14 |
| Departure Ack | 15 |
| Reserved to IANA | 16-192 |
| Private Use | 193-255 |

GSAKMP Policy Token Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| Reserved | 0 | |
| GSAKMP_ASN.1_PT_V1 | 1 | All implementations of GSAKMP MUST support this PT format. Format specified in . |
| Reserved to IANA | 2-49152 | |
| Private Use | 49153-65535 | |

GSAKMP Key Download Data Item Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| GTPK | 0 | This type MUST be implemented. This type identifies that the data contains group traffic protection key information. |
| Rekey - LKH | 1 | Optional |
| Reserved to IANA | 2-192 | |
| Private Use | 193-255 | |

GSAKMP Cryptographic Key Types
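Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Notes |
|---|---|---|
| Reserved | 0-2 | |
| 3DES_CBC64_192 | 3 | |
| Reserved | 4-11 | |
| AES_CBC_128 | 12 | This type MUST be supported. |
| AES_CTR | 13 | |
| Reserved to IANA | 14-49152 | |
| Private Use | 49153-65535 | |
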
GSAKMP Rekey Event Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| None | 0 | This type MUST be implemented. In this case, the size of the Rekey Event Data field will be zero bytes long. The purpose of a Rekey Event Payload with type None is when it is necessary to send out a new token with no rekey information. GSAKMP Rekey Msg requires a Rekey Event Payload, and in this instance it would have rekey data of type None. |
| GSAKMP_LKH | 1 | The rekey data will be of type LKH formatted according to GSAKMP. The format for this field is defined in Section 7.5.1.2 of . |
| Reserved to IANA | 2-192 | |
| Private Use | 193-255 | |

GSAKMP Identification Classification
Registration Procedure: Standards Action

| Type | Value |
|---|---|
| Sender | 0 |
| Receiver | 1 |
| Third Party | 2 |
| Reserved to IANA | 3-192 |
| Private Use | 193-255 |

GSAKMP Identification Types
Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Certificate Field | Notes |
|---|---|---|---|
| Reserved | 0 | | |
| ID_IPV4_ADDR | 1 | SubjAltName iPAddress | See Section 3.5 of . |
| ID_FQDN | 2 | SubjAltName dNSName | See Section 3.5 of . |
| ID_RFC822_ADDR | 3 | SubjAltName rfc822Name | See Section 3.5 of . |
| Reserved | 4 | | |
| ID_IPV6_ADDR | 5 | SubjAltName iPAddress | See Section 3.5 of . |
| Reserved | 6-8 | | |
| ID_DER_ASN1_DN | 9 | Entire Subject, bitwise Compare | See Section 3.5 of . |
| Reserved | 10 | | |
| ID_KEY_ID | 11 | N/A | See Section 3.5 of . |
| Reserved | 12-29 | | |
| Unencoded Name (ID_U_NAME) | 30 | Subject | The format for this type is defined in Section 7.6.1.1 of . |
| ID_DN_STRING | 31 | Subject | See . This type MUST be implemented. |
| Reserved to IANA | 32-192 | | |
| Private Use | 193-255 | | |

GSAKMP Certificate Types
Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Notes |
|---|---|---|
| None | 0 | |
| Reserved | 1-3 | |
| X.509v3 Certificate -- Signature -- DER Encoding | 4 | This type MUST be implemented. Contains a DER encoded X.509 certificate. |
| Reserved | 5-6 | |
| Certificate Revocation List (CRL) | 7 | Contains a BER encoded X.509 CRL. |
| Reserved | 8-9 | |
| X.509 Certificate -- Attribute | 10 | See Section 3.6 of . |
| Raw RSA Key | 11 | See Section 3.6 of . |
| Hash and URL of X.509 Certificate | 12 | See Section 3.6 of . |
| Hash and URL of X.509 bundle | 13 | See Section 3.6 of . |
| Reserved to IANA | 14-49152 | |
| Private Use | 49153-65535 | |

GSAKMP Signature Types
Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Notes |
|---|---|---|
| DSS/SHA1 with ASN.1/DER encoding (DSS-SHA1-ASN1-DER) | 0 | This type MUST be supported. |
| RSA1024-MD5 | 1 | |
| ECDSA-P384-SHA3 | 2 | NIST, "Digital Signature Standard", FIPS PUB 186-2, National Institute of Standards and Technology, U.S. Department of Commerce, January 2000. |
| Reserved to IANA | 3-41952 | |
| Private Use | 41953-65536 | |

GSAKMP Notification Types
Registration Procedure: Standards Action

| Type | Value |
|---|---|
| None | 0 |
| Invalid-Payload-Type | 1 |
| Reserved | 2-3 |
| Invalid-Version | 4 |
| Invalid-Group-ID | 5 |
| Invalid-Sequence-ID | 6 |
| Payload-Malformed | 7 |
| Invalid-Key-Information | 8 |
| Invalid-ID-Information | 9 |
| Reserved | 10 |
| Invalid-Certificate | 11 |
| Cert-Type-Unsupported | 12 |
| Invalid-Cert-Authority | 13 |
| Authentication-Failed | 14 |
| Reserved | 15-16 |
| Certificate-Unavailable | 17 |
| Reserved | 18 |
| Unauthorized-Request | 19 |
| Reserved | 20-22 |
| Acknowledgment | 23 |
| Reserved | 24-25 |
| Nack | 26 |
| Cookie-Required | 27 |
| Cookie | 28 |
| Mechanism Choices | 29 |
| Leave Group | 30 |
| Departure Accepted | 31 |
| Request to Depart Error | 32 |
| Invalid Exchange Type | 33 |
| IPv4 Value | 34 |
| IPv6 Value | 35 |
| Prohibited by Group Policy | 36 |
| Prohibited by Locally Configured Policy | 37 |
| Reserved to IANA | 38-49152 |
| Private Use | 49153-65535 |

GSAKMP Acknowledgment Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| Simple | 0 | Data portion null. |
| Reserved to IANA | 1-192 | |
| Private Use | 193-255 | |

GSAKMP Mechanism Types
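Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| Key Creation Algorithm | 0 | Table 26, |
| Encryption Algorithm | 1 | Table 16, |
| Nonce Hash Algorithm | 2 | Table 25, |
| Reserved to IANA | 3-192 | |
| Private Use | 193-255 | |
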
GSAKMP Nonce Hash Types
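Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Notes |
|---|---|---|
| Reserved | 0 | |
| SHA-1 | 1 | This type MUST be supported. |
| Reserved to IANA | 2-49152 | |
| Private Use | 49153-65535 | |
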
GSAKMP Key Creation Types
Registration Procedure: Expert Review
Expert: Unassigned

| Type | Value | Notes |
|---|---|---|
| Reserved | 0-1 | |
| Diffie-Hellman. 1024-bit MODP Group. Truncated | 2 | This type MUST be supported. Defined in B.2. If the output of the process is longer than needed for the defined mechanism, use the first X low order bits, and truncate the remainder. |
| Reserved | 3-13 | |
| Diffie-Hellman. 2048-bit MODP Group. Truncated | 14 | If the output of the process is longer than needed for the defined mechanism, use the first X low order bits, and truncate the remainder. |
| Reserved to IANA | 15-49152 | |
| Private Use | 49153-65535 | |

GSAKMP Nonce Types
Registration Procedure: Standards Action

| Type | Value | Notes |
|---|---|---|
| None | 0 | |
| Initiator (Nonce_I) | 1 | |
| Responder (Nonce_R) | 2 | |
| Combined (Nonce_C) | 3 | Hash (Append (Initiator_Value,Responder_Value)). The hash type comes from the Policy (e.g., Security Suite Definition of Policy Token). |
| Reserved to IANA | 4-192 | |
| Private Use | 192-255 | |