Internet Assigned Numbers Authority "Magic Numbers" for ISAKMP Protocol Last Updated 2023-04-25 Note All registries listed below have been closed. See [RFC9395]. Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries included below • IPSEC Situation Definition • IPSEC Security Protocol Identifiers • IPSEC ISAKMP Transform Identifiers • IPSEC AH Transform Identifiers • IPSEC ESP Transform Identifiers • IPSEC IPCOMP Transform Identifiers • IPSEC Security Association Attributes • SA Life Type Values (Value 1) • Group Description (Value 3) • Encapsulation Mode (Value 4) • Authentication Algorithm (Value 5) • Compression Private Algorithm (Value 9) • ECN Tunnel (Value 10) • Extended (64-bit) Sequence Number (Value 11) • Signature Encoding Algorithm Values (Value 13) • Address Preservation (Value 14) • SA Direction (Value 15) • IPSEC Labeled Domain Identifiers • IPSEC Identification Type • IPSEC Notify Message Types • Notify Messages - Error Types (8192-16383) • Notify Messages - Status Types (24576-32767) IPSEC Situation Definition Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The Situation Definition is a 32-bit bitmask which represents the environment under which the IPSEC SA proposal and negotiation is carried out. Requests for assignments of new situations must be accompanied by an RFC which describes the interpretation for the associated bit. If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. The upper two bits are reserved for private use amongst cooperating systems. Available Formats [IMG] CSV Value Situation References 0x01 SIT_IDENTITY_ONLY [RFC2407] 0x02 SIT_SECRECY [RFC2407] 0x04 SIT_INTEGRITY [RFC2407] IPSEC Security Protocol Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The Security Protocol Identifier is an 8-bit value which identifies a security protocol suite being negotiated. Requests for assignments of new security protocol identifiers must be accompanied by an RFC which describes the requested security protocol. [AH] and [ESP] are examples of security protocol documents. If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value Protocol ID References 0 RESERVED [RFC2407] 1 PROTO_ISAKMP [RFC2407] 2 PROTO_IPSEC_AH [RFC2407] 3 PROTO_IPSEC_ESP [RFC2407] 4 PROTO_IPCOMP [RFC2407] 5 PROTO_GIGABEAM_RADIO [RFC4705] 6-248 Unassigned 249-255 Reserved for private use IPSEC ISAKMP Transform Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC ISAKMP Transform Identifier is an 8-bit value which identifies a key exchange protocol to be used for the negotiation. Requests for assignments of new ISAKMP transform identifiers must be accompanied by an RFC which describes the requested key exchange protocol. [IKE] is an example of one such document. If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value Transform References 0 RESERVED [RFC2407] 1 KEY_IKE [RFC2407] 2-248 Unassigned 249-255 Reserved for private use IPSEC AH Transform Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC AH Transform Identifier is an 8-bit value which identifies a particular algorithm to be used to provide integrity protection for AH. Requests for assignments of new AH transform identifiers must be accompanied by an RFC which describes how to use the algorithm within the AH framework ([AH]). If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value Transform ID References 0-1 RESERVED [RFC2407] 2 AH_MD5 [RFC2407] 3 AH_SHA [RFC2407] 4 AH_DES [RFC2407] 5 AH_SHA2-256 [RFC4868] 6 AH_SHA2-384 [RFC4868] 7 AH_SHA2-512 [RFC4868] 8 AH_RIPEMD [RFC2857] 9 AH_AES-XCBC-MAC [RFC3566] 10 AH_RSA [RFC4359] 11 AH_AES-128-GMAC [RFC4543][RFC Errata 1821] 12 AH_AES-192-GMAC [RFC4543][RFC Errata 1821] 13 AH_AES-256-GMAC [RFC4543][RFC Errata 1821] 14-248 Unassigned 249-255 Reserved for private use IPSEC ESP Transform Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC ESP Transform Identifier is an 8-bit value which identifies a particular algorithm to be used to provide secrecy protection for ESP. Requests for assignments of new ESP transform identifiers must be accompanied by an RFC which describes how to use the algorithm within the ESP framework ([ESP]). If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value Transform ID References 0 RESERVED [RFC2407] 1 ESP_DES_IV64 [RFC2407] 2 ESP_DES [RFC2407] 3 ESP_3DES [RFC2407] 4 ESP_RC5 [RFC2407] 5 ESP_IDEA [RFC2407] 6 ESP_CAST [RFC2407] 7 ESP_BLOWFISH [RFC2407] 8 ESP_3IDEA [RFC2407] 9 ESP_DES_IV32 [RFC2407] 10 ESP_RC4 [RFC2407] 11 ESP_NULL [RFC2407] 12 ESP_AES-CBC [RFC3602] 13 ESP_AES-CTR [RFC3686] 14 ESP_AES-CCM_8 [RFC4309][1] 15 ESP_AES-CCM_12 [RFC4309][1] 16 ESP_AES-CCM_16 [RFC4309][1] 17 Unassigned 18 ESP_AES-GCM_8 [RFC4106][1] 19 ESP_AES-GCM_12 [RFC4106][1] 20 ESP_AES-GCM_16 [RFC4106][1] 21 ESP_SEED_CBC [RFC4196] 22 ESP_CAMELLIA [RFC4312] 23 ESP_NULL_AUTH_AES-GMAC [RFC4543][RFC Errata 1821] 24-248 Unassigned 249-255 Reserved for private use IPSEC IPCOMP Transform Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC IPCOMP Transform Identifier is an 8-bit value which identifier a particular algorithm to be used to provide IP-level compression before ESP. Requests for assignments of new IPCOMP transform identifiers must be accompanied by an RFC which describes how to use the algorithm within the IPCOMP framework ([IPCOMP]). In addition, the requested algorithm must be published and in the public domain. If the RFC is not on the standards-track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value Transform ID References 0 RESERVED [RFC2407] 1 IPCOMP_OUI [RFC2407] 2 IPCOMP_DEFLATE [RFC2407] 3 IPCOMP_LZS [RFC2407] 4 IPCOMP_LZJH [RFC3051] 5-47 Reserved for approved algorithms 48-63 Reserved for private use 64-255 Unassigned IPSEC Security Association Attributes Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC Security Association Attribute consists of a 16-bit type and its associated value. IPSEC SA attributes are used to pass miscellaneous values between ISAKMP peers. Requests for assignments of new IPSEC SA attributes must be accompanied by an Internet Draft which describes the attribute encoding (Basic/Variable-Length) and its legal values. Section 4.5 of this document provides an example of such a description. Available Formats [IMG] CSV Value Type Class References 1 B SA Life Type [RFC2407] 2 V SA Life Duration [RFC2407] 3 B Group Description [RFC2407] 4 B Encapsulation Mode [RFC2407] 5 B Authentication Algorithm [RFC2407] 6 B Key Length [RFC2407] 7 B Key Rounds [RFC2407] 8 B Compress Dictionary Size [RFC2407] 9 V Compress Private Algorithm [RFC2407] 10 B ECN Tunnel [RFC3168] 11 B Extended (64-bit) Sequence Number [RFC4304] 12 V Authentication Key Length [RFC4359] 13 B Signature Encoding Algorithm [RFC4359] 14 B Address Preservation [RFC6407] 15 B SA Direction [RFC6407] 16-32000 Unassigned 32001-32767 Reserved for private use SA Life Type Values (Value 1) Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC2407] 1 seconds [RFC2407] 2 kilobytes [RFC2407] 3-61439 Unassigned 61440-65535 Reserved for private use Group Description (Value 3) Note Please refer to the registry Group Description (Value 4) at [IANA registry ipsec-registry] Encapsulation Mode (Value 4) Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC2407] 1 Tunnel [RFC2407] 2 Transport [RFC2407] 3 UDP-Encapsulated-Tunnel [RFC3947] 4 UDP-Encapsulated-Transport [RFC3947] 5-61439 Unassigned 61440-65535 Reserved for private use Authentication Algorithm (Value 5) Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC2407] 1 HMAC-MD5 [RFC2407] 2 HMAC-SHA [RFC2407] 3 DES-MAC [RFC2407] 4 KPDK [RFC2407] 5 HMAC-SHA2-256 [Marcus_Leech][IPSEC] 6 HMAC-SHA2-384 [Marcus_Leech][IPSEC] 7 HMAC-SHA2-512 [Marcus_Leech][IPSEC] 8 HMAC-RIPEMD [RFC2857] 9 AES-XCBC-MAC [RFC3566] 10 SIG-RSA [RFC4359] 11 AES-128-GMAC [RFC4543][RFC Errata 1821] 12 AES-192-GMAC [RFC4543][RFC Errata 1821] 13 AES-256-GMAC [RFC4543][RFC Errata 1821] 14-61439 Unassigned 61440-65535 Reserved for private use Compression Private Algorithm (Value 9) Registration Procedure(s) IANA does not assign Reference [RFC2407] Note Specifies a private vendor compression algorithm. The first three (3) octets must be an IEEE assigned company_id (OUI). The next octet may be a vendor specific compression subtype, followed by zero or more octets of vendor data. Registry is empty. ECN Tunnel (Value 10) Registration Procedure(s) Registry closed Reference [RFC3168][RFC9395] Note If unspecified, the default shall be assumed to be Forbidden. Available Formats [IMG] CSV Value Name References 0 Reserved [RFC3168] 1 Allowed [RFC3168] 2 Forbidden [RFC3168] 3-61439 Unassigned 61440-65535 Reserved for private use Extended (64-bit) Sequence Number (Value 11) Registration Procedure(s) No additional class values will be assigned for this attribute. Reference [RFC4304][RFC9395] Available Formats [IMG] CSV Value Name References 0 RESERVED [RFC4304] 1 64-bit Sequence Number [RFC4304] Signature Encoding Algorithm Values (Value 13) Registration Procedure(s) Registry closed Reference [RFC4359][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC4359] 1 RSASSA-PKCS1-v1_5 [RFC4359] 2 RSASSA-PSS [RFC4359] 3-61439 Unassigned 61440-65535 Reserved for private use Address Preservation (Value 14) Registration Procedure(s) Registry closed Reference [RFC6407][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC6407] 1 None [RFC6407] 2 Source-Only [RFC6407] 3 Destination-Only [RFC6407] 4 Source-and-Destination [RFC6407] 5-61439 Unassigned 61440-65535 Private Use [RFC6407] SA Direction (Value 15) Registration Procedure(s) Registry closed Reference [RFC6407][RFC9395] Available Formats [IMG] CSV Value Name References 0 Reserved [RFC6407] 1 Sender-Only [RFC6407] 2 Receiver-Only [RFC6407] 3 Symmetric [RFC6407] 4-61439 Unassigned [RFC6407] 61440-65535 Private Use [RFC6407] IPSEC Labeled Domain Identifiers Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC Labeled Domain Identifier is a 32-bit value which identifies a namespace in which the Secrecy and Integrity levels and categories values are said to exist. Requests for assignments of new IPSEC Labeled Domain Identifiers should be granted on demand. No accompanying documentation is required, though Internet Drafts are encouraged when appropriate. Available Formats [IMG] CSV Value Domain References 0 Reserved [RFC2407] 0x80000000-0xffffffff Reserved for private use IPSEC Identification Type Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC Identification Type is an 8-bit value which is used as a discriminant for interpretation of the variable-length Identification Payload. Requests for assignments of new IPSEC Identification Types must be accompanied by an RFC which describes how to use the identification type within IPSEC. If the RFC is not on the standards track (i.e., it is an informational or experimental RFC), it must be explicitly reviewed and approved by the IESG before the RFC is published and the transform identifier is assigned. Available Formats [IMG] CSV Value ID Type References 0 RESERVED [RFC2407] 1 ID_IPV4_ADDR [RFC2407] 2 ID_FQDN [RFC2407] 3 ID_USER_FQDN [RFC2407] 4 ID_IPV4_ADDR_SUBNET [RFC2407] 5 ID_IPV6_ADDR [RFC2407] 6 ID_IPV6_ADDR_SUBNET [RFC2407] 7 ID_IPV4_ADDR_RANGE [RFC2407] 8 ID_IPV6_ADDR_RANGE [RFC2407] 9 ID_DER_ASN1_DN [RFC2407] 10 ID_DER_ASN1_GN [RFC2407] 11 ID_KEY_ID [RFC2407] 12 ID_LIST [RFC3554] 13-248 Unassigned 249-255 Reserved for private use IPSEC Notify Message Types Registration Procedure(s) Registry closed Reference [RFC2407][RFC9395] Note The IPSEC Notify Message Type is a 16-bit value taken from the range of values reserved by ISAKMP for each DOI. There is one range for error messages (8192-16383) and a different range for status messages (24576-32767). Requests for assignments of new Notify Message Types must be accompanied by an Internet Draft which describes how to use the identification type within IPSEC. Notify Messages - Error Types (8192-16383) Registration Procedure(s) Registry closed Reference [RFC9395] Available Formats [IMG] CSV Value Notify Messages - Error Types References 8192 Reserved [RFC2407] 8193-16000 Unassigned 16001-16383 Reserved for private use Notify Messages - Status Types (24576-32767) Registration Procedure(s) Registry closed Reference [RFC9395] Available Formats [IMG] CSV Value Notify Messages - Status Types References 24576 RESPONDER-LIFETIME [RFC2407] 24577 REPLAY-STATUS [RFC2407] 24578 INITIAL-CONTACT [RFC2407] 24579-32000 Unassigned 32001-32767 Reserved for private use Contact Information ID Name Contact URI Last Updated [IPSEC] IETF IPSEC WG mailto:ipsec&ietf.org 2023-01-04 [Marcus_Leech] Marcus Leech mailto:mleech&nortelnetworks.com 2000-10 Footnote [1] This is combined mode cipher, but combined mode algorithms are not a ature of IPsec-v2. Although some IKEv1/IPsec-v2 implementations inude this capability (see [RFC6071] Section 5.4), it is not part of thprotocol. Licensing Terms