Search RFCs
RFC 4868
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec,May 2007
- File formats:
- Status:
- PROPOSED STANDARD
- Authors:
- S. Kelly
S. Frankel - Stream:
- IETF
- Source:
- NON WORKING GROUP
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC4868
Discuss this RFC: Send questions or comments to the mailing listiesg@ietf.org
Other actions:View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 4868
Abstract
This specification describes the use of Hashed Message AuthenticationMode (HMAC) in conjunction with the SHA-256, SHA-384, and SHA-512algorithms in IPsec. These algorithms may be used as the basis fordata origin authentication and integrity verification mechanisms forthe Authentication Header (AH), Encapsulating Security Payload (ESP),Internet Key Exchange Protocol (IKE), and IKEv2 protocols, and alsoas Pseudo-Random Functions (PRFs) for IKE and IKEv2. Truncatedoutput lengths are specified for the authentication-related variants,with the corresponding algorithms designated as HMAC-SHA-256-128,HMAC-SHA-384-192, and HMAC-SHA-512-256. The PRF variants are nottruncated, and are called PRF-HMAC-SHA-256, PRF-HMAC-SHA-384, andPRF-HMAC-SHA-512. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.