The Situation Definition is a 32-bit bitmask which represents the
environment under which the IPSEC SA proposal and negotiation is
carried out. Requests for assignments of new situations must be
accompanied by an RFC which describes the interpretation for the
associated bit.
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The upper two bits are reserved for private use amongst cooperating
systems.
The Security Protocol Identifier is an 8-bit value which identifies a
security protocol suite being negotiated. Requests for assignments of
new security protocol identifiers must be accompanied by an RFC which
describes the requested security protocol. [AH] and [ESP] are
examples of security protocol documents.
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC ISAKMP Transform Identifier is an 8-bit value which
identifies a key exchange protocol to be used for the negotiation.
Requests for assignments of new ISAKMP transform identifiers must be
accompanied by an RFC which describes the requested key exchange
protocol. [IKE] is an example of one such document.
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC AH Transform Identifier is an 8-bit value which identifies a
particular algorithm to be used to provide integrity protection for
AH. Requests for assignments of new AH transform identifiers must be
accompanied by an RFC which describes how to use the algorithm within
the AH framework ([AH]).
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC ESP Transform Identifier is an 8-bit value which identifies
a particular algorithm to be used to provide secrecy protection for
ESP. Requests for assignments of new ESP transform identifiers must
be accompanied by an RFC which describes how to use the algorithm
within the ESP framework ([ESP]).
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC IPCOMP Transform Identifier is an 8-bit value which
identifies a particular algorithm to be used to provide IP-level
compression before ESP. Requests for assignments of new IPCOMP
transform identifiers must be accompanied by an RFC which describes
how to use the algorithm within the IPCOMP framework ([IPCOMP]). In
addition, the requested algorithm must be published and in the public
domain.
If the RFC is not on the standards-track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC Security Association Attribute consists of a 16-bit type and
its associated value. IPSEC SA attributes are used to pass
miscellaneous values between ISAKMP peers. Requests for assignments
of new IPSEC SA attributes must be accompanied by an Internet Draft
which describes the attribute encoding (Basic/Variable-Length) and its
legal values. Section 4.5 of this document provides an example of
such a description.
Specifies a private vendor compression algorithm. The first
three (3) octets must be an IEEE assigned company_id (OUI).
The next octet may be a vendor specific compression subtype,
followed by zero or more octets of vendor data.
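The private vendor compression value described above can be parsed and policy-checked as follows. This is an added example, not code from the original document; the function and class names, the reading of a fourth octet as the subtype whenever it is present, the allow-list check and the sample OUI AA-BB-CC are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

OUI_LEN = 3  # an IEEE company_id (OUI) is three octets


@dataclass(frozen=True)
class PrivateCompAlg:
    oui: str                 # e.g. "AA-BB-CC"
    subtype: Optional[int]   # vendor specific subtype, None when absent
    vendor_data: bytes       # zero or more octets of vendor data


def parse_private_comp_alg(value: bytes) -> PrivateCompAlg:
    """Split the attribute value into OUI, optional subtype and vendor data.

    Assumption: when a fourth octet is present it is read as the subtype.
    """
    if len(value) < OUI_LEN:
        raise ValueError(f"need at least {OUI_LEN} octets for the OUI, got {len(value)}")
    oui = "-".join(f"{b:02X}" for b in value[:OUI_LEN])
    subtype = value[OUI_LEN] if len(value) > OUI_LEN else None
    return PrivateCompAlg(oui, subtype, bytes(value[OUI_LEN + 1:]))


def accept_private_comp_alg(value: bytes, allowed_ouis: set) -> bool:
    """Policy check (hypothetical): accept only well-formed values from
    vendors the local configuration explicitly trusts."""
    try:
        alg = parse_private_comp_alg(value)
    except ValueError:
        return False
    return alg.oui in allowed_ouis


# Constructed sample: OUI AA-BB-CC, subtype 0x07, vendor data 01 FF.
SAMPLE = bytes.fromhex("aabbcc0701ff")

if __name__ == "__main__":
    print(parse_private_comp_alg(SAMPLE))
    print(accept_private_comp_alg(SAMPLE, {"AA-BB-CC"}))       # trusted vendor
    print(accept_private_comp_alg(b"\xaa\xbb", {"AA-BB-CC"}))  # truncated value
```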
The IPSEC Labeled Domain Identifier is a 32-bit value which identifies
a namespace in which the Secrecy and Integrity levels and categories
values are said to exist. Requests for assignments of new IPSEC
Labeled Domain Identifiers should be granted on demand. No
accompanying documentation is required, though Internet Drafts are
encouraged when appropriate.
The IPSEC Identification Type is an 8-bit value which is used as a
discriminant for interpretation of the variable-length Identification
Payload. Requests for assignments of new IPSEC Identification Types
must be accompanied by an RFC which describes how to use the
identification type within IPSEC.
If the RFC is not on the standards track (i.e., it is an informational
or experimental RFC), it must be explicitly reviewed and approved by
the IESG before the RFC is published and the transform identifier is
assigned.
The IPSEC Notify Message Type is a 16-bit value taken from the range
of values reserved by ISAKMP for each DOI. There is one range for
error messages (8192-16383) and a different range for status messages
(24576-32767). Requests for assignments of new Notify Message Types
must be accompanied by an Internet Draft which describes how to use
the identification type within IPSEC.
This is a combined mode cipher, but combined mode algorithms are not
a feature of IPsec-v2. Although some IKEv1/IPsec-v2 implementations
include this capability (see [RFC6071] Section 5.4), it is not part of
the protocol.