rfc2411.txt

RFC文档

  的例子文档.
4.2 加密算法
   本节描述了包括在加密算法文档中的信息.
   加密算法描述:
      .关于加密算法被用于ESP的通常信息.
      .背景材料的描述和形式算法的描述.
      .被ESP使用的加密算法的特点,包括加密和/或认证.
      .提及所有实用性问题,如知识产权的所有权考虑.
      .在IEIF模式中,背景材料的参考资料,如FIPS文档.

算法方式的操作
 .关于算法是如何被操作的,算法是块模式,流模式或其他模式的描述.
 .关于输入或输出块格式的要求.
 .该算法的填充要求. 注意:在基本ESP文档中已指明了默认的填充,因此在这里只需
  指明是否能使用默认的填充.
     .任何特定算法的操作参数,如巡回的次数.
     .区分可选参数和可选操作模式和挑选合理的固定值和清楚的技术解释.
     .区分这些可选参数在那些值和方法下将保持有清楚的技术解释的可选性,为什么固
      定值和方法不能使用.
     .不能确定的算法-特有的可选参数的默认范围和指定范围.
    
4.3 认证算法
本节描述了包括在认证算法文档中的信息.在大多数情况下,不管它被用于ESP还是AH, 一个
认证算法执行相同的操作.这被表示在一个单独的认证算法文档中.
   认证算法的描述
     .关于认证算法被用于ESP和AH的通常信息.
     .背景材料的描述和形式算法的描述.
     .该认证算法的特点.
     .提及所有实用性问题,如知识产权的所有权考虑.
     .在IEIF模式中,背景材料的参考资料(如FIPS文档)和关于潜在算法的权威描述.

   算法方式的操作
     . 关于算法是如何被操作的描述.
     . 算法-特有的操作参数,如:巡回的次数,输入或输出的块格式.
     . 暗示和指明的该算法的填充要求.注意:在AH协议文档中指明了的认证数据域有默认
       的填充方法. 因此在这里只需指明是否能使用默认的填充.
     . 区分可选参数和可选操作模式和挑选合理的固定值和清楚的技术解释.
     . 区分这些可选参数在那些值和方法下将保持有清楚的技术解释的可选性,为什么固
       定值和方法不能使用.
     . 不能确定的算法-特有的可选参数的默认范围和指定范围.
     . 该算法的认证数据的比较标准.注意:在AH协议文档中已经指明了一种校验认证数
       据的默认方法. 因此在这里只需指明是否能使用默认(如:当使用一个带符号的哈
       希时).
 
5. 安全性考虑
   本文档为写作加密和认证算法文件提供了指南和指导方针.读者应遵从在Ipsec 体系结
构,ESP协议,AH协议,加密算法和认证算法文档中描述的所有安全过程和指导方针.注意:许
多加密算法如果不与某些认证机制一起使用不被认为是安全的。

6. 声明:
   在写本文档时参考了几篇因特网草稿.依赖于这些文档在IETF标准途径的位置, 这些文档
也许不在IETF RFC的仓库内了.在某些情况下,读者也许会想知道这些参考文档的版本.这些
文档是:
    .  DES-Detroit: this is the ANX Workshop style of ESP, based on the
       Hughes draft as modified by Cheryl Madson and published on the ANX
       mailing list.
    .  DOI: draft-ietf-ipsec-ipsec-doi-02.txt.
    .  3DES: this is <the Triple-DES shim document>.
    .  CAST: this is draft-ietf-ipsec-esp-cast-128-cbc-00.txt, as revised
       to relate to this document.
    .  ESP: draft-ietf-ipsec-esp-04.txt, mailed to the IETF mailing list
       in May/June 1997.
    .  AH: draft-ietf-ipsec-auth-05.txt, mailed to the IETF mailing list
       in May/June 1997.
    .  HUGHES: this is draft-ietf-ipsec-esp-des-md5-03.txt
    .  ISAKMP: There are three documents describing ISAKMP.  These are
       draft-ietf-ipsec-isakmp-07.txt, draft-ietf-ipsec-isakmp-oakley-
       03.txt, and draft-ietf-ipsec-ipsec-doi-02.txt.

7. 参考资料

   [CBC]         Periera, R., and R. Adams, "The ESP CBC-Mode Cipher
                 Algorithms", RFC 2451, November 1998.

   [Arch]        Kent, S., and R.  Atkinson, "Security Architecture for
                 the Internet Protocol", RFC 2401, November 1998.

   [DES-Detroit] Madson, C., and N. Doraswamy, "The ESP DES-CBC Cipher
                 Algorithm With Explicit IV", RFC 2405, November 1998.

   [DOI]         Piper, D., "The Internet IP Security Domain of
                 Interpretation for ISAKMP", RFC 2407, November 1998.

   [AH]          Kent, S., and R. Atkinson, "IP Authentication Header",
                 RFC 2402, November 1998.

   [ESP]         Kent, S., and R. Atkinson, "IP Encapsulating Security
                 Payload (ESP)", RFC 2406, November 1998.

   [HMAC]        Krawczyk, K., Bellare, M., and R. Canetti, "HMAC:
                 Keyed-Hashing for Message Authentication", RFC 2104,
                 February 1997.

   [HMAC-MD5]    Madson, C., and R. Glenn, "The Use of HMAC-MD5 within
                 ESP and AH", RFC 2403, November 1998.

   [HMAC-SHA-1]  Madson, C., and R. Glenn, "The Use of HMAC-SHA-1 within
                 ESP and AH", RFC 2404, November 1998.

   [RANDOM]      Eastlake, D., Crocker, S., and J. Schiller, "Randomness
                 Recommendations for Security", RFC 1750, December 1994.

   [RFC-2202]    Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and
                 HMAC-SHA-1", RFC 2202, March 1997.


8. 作者地址

   Rodney Thayer
   Sable Technology Corporation
   246 Walnut Street
   Newton, Massachusetts  02160
   EMail: mailto:rodney@sabletech.com


   Naganand Doraswamy
   Bay Networks
   EMail: naganand@baynetworks.com


   Rob Glenn
   NIST
   EMail: rob.glenn@nist.gov

9.  全部版权声明

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

RFC2411——IP Security Document Roadmap                  IP安全文件指南


1
RFC文档中文翻译计划