IP Security Maintenance and Extensions (ipsecme)

• About
• Documents
• Meetings
• History
• Photos
• Email expansions
• List archive »

	Document	Date	Status	IPR	AD/Shepherd
	Active Internet-Drafts (13 hits)
	44 pages draft-ietf-ipsecme-diet-esp-09 ESP Header Compression with Diet-ESP	2025-08-17	I-D Exists In WG Last Call : Proposed Standard
	44 pages draft-ietf-ipsecme-eesp-02 Enhanced Encapsulating Security Payload (EESP)	2025-10-19	I-D Exists WG Document
	16 pages draft-ietf-ipsecme-eesp-ikev2-01 IKEv2 negotiation for Enhanced Encapsulating Security Payload (EESP)	2025-09-16	I-D Exists WG Document
	10 pages draft-ietf-ipsecme-encrypted-esp-ping-01 Encrypted ESP Echo Protocol	2025-10-07	I-D Exists WG Document
	8 pages draft-ietf-ipsecme-ikev2-beet-mode-01 IKEv2 negotiation for Bound End-to-End Tunnel (BEET) mode ESP	2025-09-16	I-D Exists WG Document
	15 pages draft-ietf-ipsecme-ikev2-diet-esp-extension-06 Internet Key Exchange version 2 (IKEv2) extension for Header Compression Profile (HCP)	2025-08-21	I-D Exists In WG Last Call : Proposed Standard
	10 pages draft-ietf-ipsecme-ikev2-downgrade-prevention-01 Downgrade Prevention for the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-11-14	I-D Exists WG Document
	13 pages draft-ietf-ipsecme-ikev2-mlkem-03 Post-quantum Hybrid Key Exchange with ML-KEM in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-09-29	I-D Exists WG Consensus: Waiting for Write-Up : Proposed Standard
	21 pages draft-ietf-ipsecme-ikev2-pqc-auth-06 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2) using PQC	2025-10-20	I-D Exists WG Consensus: Waiting for Write-Up : Proposed Standard
	6 pages draft-ietf-ipsecme-ikev2-prf-plus-00 Use of Variable-Length Output Pseudo-Random Functions (PRFs) in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-10-06	I-D Exists WG Document
	8 pages draft-ietf-ipsecme-ikev2-reliable-transport-00 Separate Transports for IKE and ESP	2025-10-06	I-D Exists WG Document
	12 pages draft-ietf-ipsecme-ikev2-sa-ts-payloads-opt-05 Optimized Rekeys in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-07-07	I-D Exists WG Document	2
	31 pages draft-ietf-ipsecme-sha3-00 Use of SHA-3 in the Internet Key Exchange Protocol Version 2 (IKEv2) and IPsec	2025-11-20 New	I-D Exists WG Document
	Expired Internet-Draft (1 hit)
	8 pages draft-ietf-ipsecme-esp-ping-00 ESP Echo Protocol	2025-04-30	Expired WG Document
	RFCs (44 hits)
	15 pages RFC 5685 Redirect Mechanism for the Internet Key Exchange Protocol Version 2 (IKEv2)	2009-11	Proposed Standard RFC		Tim Polk
	26 pages RFC 5723 Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption	2010-01	Proposed Standard RFC		Pasi Eronen
	32 pages RFC 5739 IPv6 Configuration in Internet Key Exchange Protocol Version 2 (IKEv2) Errata	2010-02	Experimental RFC		Tim Polk
	15 pages RFC 5840 Wrapped Encapsulating Security Payload (ESP) for Traffic Visibility	2010-04	Proposed Standard RFC		Pasi Eronen
	32 pages RFC 5879 Heuristics for Detecting ESP-NULL Packets	2010-05	Informational RFC		Pasi Eronen
	6 pages RFC 5930 Using Advanced Encryption Standard Counter Mode (AES-CTR) with the Internet Key Exchange version 02 (IKEv2) Protocol	2010-07	Informational RFC		Sean Turner
	138 pages RFC 5996 Internet Key Exchange Protocol Version 2 (IKEv2) Errata	2010-09	Proposed Standard RFC Obsoleted by rfc7296 Updated by rfc5998, rfc6989, rfc6989	10	Sean Turner
	16 pages RFC 5998 An Extension for EAP-Only Authentication in IKEv2	2010-09	Proposed Standard RFC		Sean Turner
	12 pages RFC 6027 IPsec Cluster Problem Statement	2010-10	Informational RFC		Sean Turner
	63 pages RFC 6071 IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap	2011-02	Informational RFC		Sean Turner
	22 pages RFC 6290 A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE) Errata	2011-06	Proposed Standard RFC		Sean Turner
	26 pages RFC 6311 Protocol Support for High Availability of IKEv2/IPsec Errata	2011-07	Proposed Standard RFC		Sean Turner
	10 pages RFC 6989 Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)	2013-07	Proposed Standard RFC		Sean Turner
	12 pages RFC 7018 Auto-Discovery VPN Problem Statement and Requirements	2013-09	Informational RFC		Sean Turner
	142 pages RFC 7296 Internet Key Exchange Protocol Version 2 (IKEv2) Errata	2014-10	Internet Standard RFC Updated by rfc7427, rfc7670, rfc8247, rfc8983, rfc9370, rfc9827 Also known as STD 79	10	Kathleen Moriarty
	11 pages RFC 7321 Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)	2014-08	Proposed Standard RFC Obsoleted by rfc8221		Kathleen Moriarty
	20 pages RFC 7383 Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation	2014-11	Proposed Standard RFC		Kathleen Moriarty
	18 pages RFC 7427 Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)	2015-01	Proposed Standard RFC		Kathleen Moriarty
	12 pages RFC 7619 The NULL Authentication Method in the Internet Key Exchange Protocol Version 2 (IKEv2)	2015-08	Proposed Standard RFC		Kathleen Moriarty
	13 pages RFC 7634 ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec Errata	2015-08	Proposed Standard RFC		Kathleen Moriarty
	32 pages RFC 8019 Protecting Internet Key Exchange Protocol Version 2 (IKEv2) Implementations from Distributed Denial-of-Service Attacks	2016-11	Proposed Standard RFC		Kathleen Moriarty
	8 pages RFC 8031 Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement Errata	2016-12	Proposed Standard RFC		Kathleen Moriarty
	15 pages RFC 8221 Cryptographic Algorithm Implementation Requirements and Usage Guidance for Encapsulating Security Payload (ESP) and Authentication Header (AH)	2017-10	Proposed Standard RFC Updated by rfc9395		Eric Rescorla
	25 pages RFC 8229 TCP Encapsulation of IKE and IPsec Packets Errata	2017-08	Proposed Standard RFC Obsoleted by rfc9329		Eric Rescorla
	19 pages RFC 8247 Algorithm Implementation Requirements and Usage Guidance for the Internet Key Exchange Protocol Version 2 (IKEv2)	2017-09	Proposed Standard RFC Updated by rfc9395		Eric Rescorla
	5 pages RFC 8420 Using the Edwards-Curve Digital Signature Algorithm (EdDSA) in the Internet Key Exchange Protocol Version 2 (IKEv2)	2018-08	Proposed Standard RFC		Eric Rescorla
	16 pages RFC 8598 Split DNS Configuration for the Internet Key Exchange Protocol Version 2 (IKEv2)	2019-05	Proposed Standard RFC		Eric Rescorla
	8 pages RFC 8750 Implicit Initialization Vector (IV) for Counter-Based Ciphers in Encapsulating Security Payload (ESP)	2020-03	Proposed Standard RFC		Alexey Melnikov
	16 pages RFC 8784 Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security	2020-06	Proposed Standard RFC		Benjamin Kaduk
	7 pages RFC 8983 Internet Key Exchange Protocol Version 2 (IKEv2) Notification Status Types for IPv4/IPv6 Coexistence	2021-02	Proposed Standard RFC		Benjamin Kaduk
	14 pages RFC 9242 Intermediate Exchange in the Internet Key Exchange Protocol Version 2 (IKEv2) Errata	2022-05	Proposed Standard RFC		Benjamin Kaduk
	30 pages RFC 9329 TCP Encapsulation of Internet Key Exchange Protocol (IKE) and IPsec Packets	2022-11	Proposed Standard RFC		Roman Danyliw
	31 pages RFC 9347 Aggregation and Fragmentation Mode for Encapsulating Security Payload (ESP) and Its Use for IP Traffic Flow Security (IP-TFS) Errata	2023-01	Proposed Standard RFC		Roman Danyliw
	25 pages RFC 9348 A YANG Data Model for IP Traffic Flow Security	2023-01	Proposed Standard RFC		Roman Danyliw
	19 pages RFC 9349 Definitions of Managed Objects for IP Traffic Flow Security	2023-01	Proposed Standard RFC		Roman Danyliw
	29 pages RFC 9370 Multiple Key Exchanges in the Internet Key Exchange Protocol Version 2 (IKEv2)	2023-05	Proposed Standard RFC		Roman Danyliw
	7 pages RFC 9395 Deprecation of the Internet Key Exchange Version 1 (IKEv1) Protocol and Obsoleted Algorithms	2023-04	Proposed Standard RFC		Roman Danyliw
	16 pages RFC 9464 Internet Key Exchange Protocol Version 2 (IKEv2) Configuration for Encrypted DNS	2023-11	Proposed Standard RFC		Roman Danyliw
	7 pages RFC 9478 Labeled IPsec Traffic Selector Support for the Internet Key Exchange Protocol Version 2 (IKEv2)	2023-10	Proposed Standard RFC		Roman Danyliw
	13 pages RFC 9593 Announcing Supported Authentication Methods in the Internet Key Exchange Protocol Version 2 (IKEv2)	2024-07	Proposed Standard RFC		Roman Danyliw
	9 pages RFC 9611 Internet Key Exchange Protocol Version 2 (IKEv2) Support for Per-Resource Child Security Associations (SAs)	2024-07	Proposed Standard RFC		Roman Danyliw
	8 pages RFC 9827 Renaming the Extended Sequence Numbers (ESN) Transform Type in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-11	Proposed Standard RFC		Deb Cooley
	66 pages RFC 9838 Group Key Management Using the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-11	Proposed Standard RFC	1	Deb Cooley
	12 pages RFC 9867 Mixing Preshared Keys in the IKE_INTERMEDIATE and CREATE_CHILD_SA Exchanges of the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-Quantum Security	2025-11	Proposed Standard RFC		Deb Cooley
	Related Internet-Drafts and RFCs (60 hits)
	11 pages draft-antony-ipsecme-ikev2-fragment-acknowledgment-01 IKEv2 Fragment Acknowledgment Extension	2025-11-19 New	I-D Exists
	8 pages draft-chen-ipsec-problems-for-ntn-network-01 IPsec problems when used in NTN network	2025-07-19	I-D Exists
	17 pages draft-dunbar-ipsecme-lightweight-authenticate-02 Lightweight Authentication for Encapsulation Header	2025-10-20	I-D Exists
	16 pages draft-guo-ipsecme-ikev2-using-shangmi-03 Using ShangMi in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-08-18	I-D Exists Response to Review Needed : Informational
	18 pages draft-guthrie-cnsa2-ipsec-profile-01 Commercial National Security Algorithm (CNSA) Suite 2.0 Profile for IPsec	2025-08-29	I-D Exists::Revised I-D Needed Submission Received : Informational
	9 pages draft-guthrie-ipsecme-aes-gcm-siv-00 Using AES-GCM-SIV in the Internet Protocol Version 2 (IKEv2) and Encapsulating Security Payload (ESP) Protocols	2025-07-01	I-D Exists
	13 pages draft-hu-ipsecme-pqt-hybrid-auth-03 Post-Quantum Traditional (PQ/T) Hybrid PKI Authentication in the Internet Key Exchange Version 2 (IKEv2)	2025-11-01	I-D Exists
	20 pages draft-liu-ipsecme-ikev2-mtu-dect-10 IKEv2 Link Maximum Atomic Packet and Packet Too Big Notification Extension	2025-10-20	I-D Exists	1
	8 pages draft-ls-ipsecme-ipcomp-exclude-transport-layer-02 IP Payload Compression excluding transport layer	2025-11-30 New	I-D Exists
	10 pages draft-mglt-ipsecme-dscp-np-04 Differentiated Services Field Codepoints Internet Key Exchange version 2 Notification	2025-10-08	I-D Exists
	16 pages draft-moskowitz-ipsecme-rfc7402-beet-update-02 A Bound End-to-End Tunnel (BEET) mode for ESP	2025-10-09	I-D Exists
	7 pages draft-nir-ipsecme-big-payload-06 A Larger Internet Key Exchange version 2 (IKEv2) Payload	2025-09-14	I-D Exists
	7 pages draft-pwouters-ipsecme-child-pfs-info-02 IKEv2 Support for Child SA PFS Policy Information	2025-10-15	I-D Exists
	7 pages draft-sfluhrer-ipsecme-ikev2-mldsa-01 IKEv2 Support of ML-DSA	2025-07-28	I-D Exists
	11 pages draft-skyline-ipsecme-ntru-ikev2-00 Post-quantum Hybrid Key Exchange with NTRU in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-07-07	I-D Exists
	8 pages draft-smyslov-ipsecme-ikev2-mceliece-01 Using Classic McEliece in the Internet Key Exchange Protocol Version 2 (IKEv2)	2025-10-06	I-D Exists
	7 pages draft-smyslov-ipsecme-ikev2-psp-00 Using the Internet Key Exchange Protocol Version 2 (IKEv2) for PSP Key Management	2025-10-16	I-D Exists
	15 pages draft-wang-ipsecme-hybrid-kem-ikev2-frodo-02 Post-quantum Hybrid Key Exchange in the IKEv2 with FrodoKEM	2025-11-04	I-D Exists
	22 pages draft-wang-ipsecme-kem-auth-ikev2-02 KEM-based Authentication for IKEv2 with Post-quantum Security	2025-10-18	I-D Exists
	13 pages draft-xia-ipsecme-eesp-stateless-encryption-02 Stateless Encryption Scheme of Enhanced Encapsulating Security Payload (EESP)	2025-10-20	I-D Exists
	11 pages RFC 2104 HMAC: Keyed-Hashing for Message Authentication Errata	1997-02	Informational RFC Updated by rfc6151
	7 pages RFC 2403 The Use of HMAC-MD5-96 within ESP and AH	1998-11	Proposed Standard RFC
	7 pages RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH	1998-11	Proposed Standard RFC
	10 pages RFC 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV	1998-11	Proposed Standard RFC
	6 pages RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec Errata	1998-11	Proposed Standard RFC
	14 pages RFC 2451 The ESP CBC-Mode Cipher Algorithms	1998-11	Proposed Standard RFC
	10 pages RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)	2003-05	Proposed Standard RFC	1	Jeffrey I. Schiller
	11 pages RFC 3566 The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec	2003-09	Proposed Standard RFC		Russ Housley
	15 pages RFC 3602 The AES-CBC Cipher Algorithm and Its Use with IPsec	2003-09	Proposed Standard RFC		Russ Housley
	19 pages RFC 3686 Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP)	2004-01	Proposed Standard RFC		Steven M. Bellovin
	15 pages RFC 3948 UDP Encapsulation of IPsec ESP Packets Errata	2005-01	Proposed Standard RFC	2	Russ Housley
	11 pages RFC 4106 The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) Errata	2005-06	Proposed Standard RFC		Russ Housley
	101 pages RFC 4301 Security Architecture for the Internet Protocol Errata	2005-12	Proposed Standard RFC Updated by rfc6040, rfc7619	1	Russ Housley
	34 pages RFC 4302 IP Authentication Header Errata	2005-12	Proposed Standard RFC		Russ Housley
	44 pages RFC 4303 IP Encapsulating Security Payload (ESP) Errata	2005-12	Proposed Standard RFC		Russ Housley
	7 pages RFC 4308 Cryptographic Suites for IPsec Errata	2005-12	Proposed Standard RFC		Russ Housley
	13 pages RFC 4309 Using Advanced Encryption Standard (AES) CCM Mode with IPsec Encapsulating Security Payload (ESP) Errata	2005-12	Proposed Standard RFC		Steven M. Bellovin
	6 pages RFC 4434 The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)	2006-02	Proposed Standard RFC		Russ Housley
	5 pages RFC 4478 Repeated Authentication in Internet Key Exchange (IKEv2) Protocol	2006-04	Experimental RFC		Russ Housley
	8 pages RFC 4494 The AES-CMAC-96 Algorithm and Its Use with IPsec	2006-06	Proposed Standard RFC		Russ Housley
	14 pages RFC 4543 The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH Errata	2006-05	Proposed Standard RFC		Russ Housley
	33 pages RFC 4555 IKEv2 Mobility and Multihoming Protocol (MOBIKE)	2006-06	Proposed Standard RFC	3	Russ Housley
	7 pages RFC 4615 The Advanced Encryption Standard-Cipher-based Message Authentication Code-Pseudo-Random Function-128 (AES-CMAC-PRF-128) Algorithm for the Internet Key Exchange Protocol (IKE)	2006-08	Proposed Standard RFC		Russ Housley
	11 pages RFC 4739 Multiple Authentication Exchanges in the Internet Key Exchange (IKEv2) Protocol	2006-11	Experimental RFC		Russ Housley
	15 pages RFC 4754 IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA) Errata	2007-01	Proposed Standard RFC	4	Russ Housley
	11 pages RFC 4806 Online Certificate Status Protocol (OCSP) Extensions to IKEv2	2007-02	Proposed Standard RFC		Russ Housley
	21 pages RFC 4868 Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec Errata	2007-05	Proposed Standard RFC		Russ Housley
	23 pages RFC 5114 Additional Diffie-Hellman Groups for Use with IETF Standards	2008-01	Informational RFC		Tim Polk
	19 pages RFC 5282 Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol Errata	2008-08	Proposed Standard RFC		Tim Polk
	7 pages RFC 5529 Modes of Operation for Camellia for Use with IPsec	2009-04	Proposed Standard RFC		Tim Polk
	13 pages RFC 5857 IKEv2 Extensions to Support Robust Header Compression over IPsec Errata	2010-05	Proposed Standard RFC		Magnus Westerlund
	16 pages RFC 5903 Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2 Errata	2010-06	Informational RFC	3	Tim Polk
	7 pages RFC 6023 A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)	2010-10	Experimental RFC		Sean Turner
	10 pages RFC 6467 Secure Password Framework for Internet Key Exchange Version 2 (IKEv2)	2011-12	Informational RFC		Sean Turner
	24 pages RFC 6617 Secure Pre-Shared Key (PSK) Authentication for the Internet Key Exchange Protocol (IKE)	2012-06	Experimental RFC		Sean Turner
	20 pages RFC 6628 Efficient Augmented Password-Only Authentication and Key Exchange for IKEv2	2012-06	Experimental RFC	3	Sean Turner
	26 pages RFC 6631 Password Authenticated Connection Establishment with the Internet Key Exchange Protocol version 2 (IKEv2)	2012-06	Experimental RFC		Sean Turner
	9 pages RFC 6867 An Internet Key Exchange Protocol Version 2 (IKEv2) Extension to Support EAP Re-authentication Protocol (ERP)	2013-01	Experimental RFC		Sean Turner
	14 pages RFC 7791 Cloning the IKE Security Association in the Internet Key Exchange Protocol Version 2 (IKEv2)	2016-03	Proposed Standard RFC		Kathleen Moriarty
	22 pages RFC 9227 Using GOST Ciphers in the Encapsulating Security Payload (ESP) and Internet Key Exchange Version 2 (IKEv2) Protocols	2022-03	Informational RFC