1 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
4 <TITLE> Introduction to FreeS/WAN</TITLE>
5 <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
8 <A HREF="toc.html">Contents</a>
9 <A HREF="biblio.html">Previous</a>
10 <A HREF="faq.html">Next</a>
12 <H1><A name="RFC">IPSEC RFCs and related documents</A></H1>
13 <H2><A name="RFCfile">The RFCs.tar.gz Distribution File</A></H2>
14 <P>The Linux FreeS/WAN distribution is available from:</P>
15 <A href="http://www.xs4all.nl/~freeswan"> our primary distribution site</A>
16 and various mirror sites. To give people more control over their
17 downloads, the RFCs that define IP security are bundled separately in
19 <P>The file you are reading is included in the main distribution and is
20 available on the web site. It describes the RFCs included in the <A href="#RFCs.tar.gz">
21 RFCs.tar.gz</A> bundle and gives some pointers to <A href="#sources">
22 other ways to get them</A>.</P>
23 <H2><A name="sources">Other sources for RFCs & Internet drafts</A></H2>
24 <H3><A name="RFCdown">RFCs</A></H3>
25 <P> RFCs are downloadble at many places around the net such as:</P>
27 <LI><A href="http://www.rfc-editor.org">http://www.rfc-editor.org</A></LI>
28 <LI><A href="http://nis.nsf.net/internet/documents/rfc">NSF.net</A></LI>
29 <LI><A href="http://sunsite.doc.ic.ac.uk/computing/internet/rfc">
30 Sunsite in the UK</A></LI>
32 <P> browsable in HTML form at others such as:</P>
34 <LI><A href="http://www.landfield.com/rfcs/index.html">landfield.com</A></LI>
35 <LI><A href="http://www.library.ucg.ie/Connected/RFC">Connected
36 Internet Encyclopedia</A></LI>
38 <P> and some of them are available in translation:</P>
40 <LI><A href="http://www.eisti.fr/eistiweb/docs/normes/">French</A></LI>
42 <P> There is also a published <A href="web.html#RFCs1">Big Book of
44 <H3><A name="drafts">Internet Drafts</A></H3>
45 <P> Internet Drafts, working documents which sometimes evolve into
46 RFCs, are also available. </P>
48 <LI><A href="http://www.ietf.org/ID.html">Overall reference page</A></LI>
49 <LI>drafts from the <A href="http://www.ietf.org/ids.by.wg/ipsec.html">
50 IPSEC</A> working group</LI>
51 <LI>drafts from the <A href="http://www.ietf.org/ids.by.wg/ipsra.html">
52 IPSRA (IPSEC Remote Access)</A> working group</LI>
54 <P> Note: some of these may be obsolete, replaced by later drafts or by
56 <H3><A name="FIPS1">FIPS standards</A></H3>
57 <P> Some things used by <A href="glossary.html#IPSEC">IPSEC</A>, such
58 as <A href="glossary.html#DES">DES</A> and <A href="glossary.html#SHA">
59 SHA</A>, are defined by US government standards called <A href="glossary.html#FIPS">
60 FIPS</A>. The issuing organisation, <A href="glossary.html#NIST">NIST</A>
61 , have a <A href="http://www.itl.nist.gov/div897/pubs">FIPS home page</A>
63 <H3><A name="doc.cd">Document CDs</A></H3>
64 <P> At least one vendor sells CD-ROMs of RFCs and Internet Drafts: </P>
66 <LI><A href="http://www.cdrom.com/titles/educate/inet.phtml">Walnut
69 <P> Note: The 2401-2412 group of IPSEC RFCs were issued in late
70 November 1998, and the 2535-2539 group on Secure DNS in March 1999, so
71 an older CD may not be particularly useful if these areas are your main
73 <H2><A name="RFCs.tar.gz">What's in the RFCs.tar.gz bundle?</A></H2>
74 <P> All filenames are of the form rfc*.txt, with the * replaced with
79 <H3><A name="rfc.ov">Overview RFCs</A></H3>
81 2401 Security Architecture for the Internet Protocol
82 2411 IP Security Document Roadmap
84 <H3><A name="basic.prot">Basic protocols</A></H3>
86 2402 IP Authentication Header
87 2406 IP Encapsulating Security Payload (ESP)
89 <H3><A name="key.ike">Key management</A></H3>
91 2367 PF_KEY Key Management API, Version 2
92 2407 The Internet IP Security Domain of Interpretation for ISAKMP
93 2408 Internet Security Association and Key Management Protocol (ISAKMP)
94 2409 The Internet Key Exchange (IKE)
95 2412 The OAKLEY Key Determination Protocol
96 2528 Internet X.509 Public Key Infrastructure
98 <H3><A name="rfc.detail">Details of various things used</A></H3>
100 2085 HMAC-MD5 IP Authentication with Replay Prevention
101 2104 HMAC: Keyed-Hashing for Message Authentication
102 2202 Test Cases for HMAC-MD5 and HMAC-SHA-1
103 2207 RSVP Extensions for IPSEC Data Flows
104 2403 The Use of HMAC-MD5-96 within ESP and AH
105 2404 The Use of HMAC-SHA-1-96 within ESP and AH
106 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
107 2410 The NULL Encryption Algorithm and Its Use With IPsec
108 2451 The ESP CBC-Mode Cipher Algorithms
109 2521 ICMP Security Failures Messages
111 <H3><A name="rfc.ref">Older RFCs which may be referenced</A></H3>
113 1321 The MD5 Message-Digest Algorithm
114 1828 IP Authentication using Keyed MD5
115 1829 The ESP DES-CBC Transform
116 1851 The ESP Triple DES Transform
117 1852 IP Authentication using Keyed SHA
119 <H3><A name="rfc.dns">RFCs for secure DNS service, which IPSEC may use</A>
122 2137 Secure Domain Name System Dynamic Update
123 2230 Key Exchange Delegation Record for the DNS
124 2535 Domain Name System Security Extensions
125 2536 DSA KEYs and SIGs in the Domain Name System (DNS)
126 2537 RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)
127 2538 Storing Certificates in the Domain Name System (DNS)
128 2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS)
130 <H3><A name="rfc.exp">RFCs labelled "experimental"</A></H3>
132 2521 ICMP Security Failures Messages
133 2522 Photuris: Session-Key Management Protocol
134 2523 Photuris: Extended Schemes and Attributes
136 <H3><A name="rfc.rel">Related RFCs</A></H3>
138 1750 Randomness Recommendations for Security
139 1918 Address Allocation for Private Internets
140 1984 IAB and IESG Statement on Cryptographic Technology and the Internet
141 2144 The CAST-128 Encryption Algorithm
144 <A HREF="toc.html">Contents</a>
145 <A HREF="biblio.html">Previous</a>
146 <A HREF="faq.html">Next</a>