
IKEv2 Parameters - per [RFC4306]

(last updated 2008-01-23)

Registries included below:
IKEv2 Exchange Types 
IKEv2 Payload Types 
IKEv2 Transform Types 
    IKEv2 Transform Attribute Types 
    IKEv2 Encryption Transform IDs 
    IKEv2 Pseudo-random Function Transform IDs 
    IKEv2 Integrity Algorithm Transform IDs 
    IKEv2 Diffie-Hellman Transform IDs 
IKEv2 Identification Payload ID Types 
IKEv2 Certificate Encodings 
IKEv2 Authentication Method 
IKEv2 Notify Message Types 
    IKEv2 Notification IPCOMP Transform IDs 
IKEv2 Security Protocol Identifiers 
IKEv2 Traffic Selector Types 
IKEv2 Configuration Payload CFG Types 
IKEv2 Configuration Payload Attribute Types 


IKEv2 Exchange Types 
 Value    Exchange Type               Reference
 -------  ------------------------    ---------
   0-33   RESERVED                    [RFC4306]
     34   IKE_SA_INIT                 [RFC4306] 
     35   IKE_AUTH                    [RFC4306]
     36   CREATE_CHILD_SA             [RFC4306]
     37   INFORMATIONAL               [RFC4306]
 38-239   RESERVED TO IANA            [RFC4306]
240-255   PRIVATE USE                 [RFC4306]


IKEv2 Payload Types 
 Value    Next Payload Type               Notation    Reference
 -------  -----------------               --------    ---------
      0   No Next Payload                             [RFC4306]
   1-32   RESERVED                                    [RFC4306]
     33   Security Association             SA         [RFC4306]
     34   Key Exchange                     KE         [RFC4306]
     35   Identification - Initiator       IDi        [RFC4306]
     36   Identification - Responder       IDr        [RFC4306] 
     37   Certificate                      CERT       [RFC4306]
     38   Certificate Request              CERTREQ    [RFC4306]
     39   Authentication                   AUTH       [RFC4306]
     40   Nonce                            Ni, Nr     [RFC4306]
     41   Notify                           N          [RFC4306]
     42   Delete                           D          [RFC4306]
     43   Vendor ID                        V          [RFC4306]
     44   Traffic Selector - Initiator     TSi        [RFC4306]
     45   Traffic Selector - Responder     TSr        [RFC4306]
     46   Encrypted                        E          [RFC4306]
     47   Configuration                    CP         [RFC4306]
     48   Extensible Authentication        EAP        [RFC4306]
 49-127   RESERVED TO IANA                            [RFC4306]
128-255   PRIVATE USE                                 [RFC4306]

IKEv2 Transform Types 
    IKEv2 Transform Attribute Types 
    IKEv2 Encryption Transform IDs 
    IKEv2 Pseudo-random Function Transform IDs 
    IKEv2 Integrity Algorithm Transform IDs 
    IKEv2 Diffie-Hellman Transform IDs 

Transform Type Values
Transform
  Type      Description                                 Used In          Reference
---------   -------------------------------  --------------------------  ---------
        0   RESERVED                                                     [RFC4306]
        1   Encryption Algorithm (ENCR)      (IKE and ESP)               [RFC4306]
        2   Pseudo-random Function (PRF)     (IKE)                       [RFC4306]
        3   Integrity Algorithm (INTEG)      (IKE, AH, optional in ESP)  [RFC4306]
        4   Diffie-Hellman Group (D-H)       (IKE, optional in AH & ESP) [RFC4306]
        5   Extended Sequence Numbers (ESN)  (Optional in AH and ESP)    [RFC4306]
    6-240   RESERVED TO IANA                                             [RFC4306]
  241-255   PRIVATE USE                                                  [RFC4306]

IKEv2 Transform Attribute Types
 Value        Attribute Type                Format   Reference
-----------   ----------------------------  ------   ---------
       0-13   RESERVED                               [RFC4306]
         14   Key Length (in bits)           TV      [RFC4306]
      15-17   RESERVED                               [RFC4306]
   18-16383   RESERVED TO IANA                       [RFC4306]
16384-32767   PRIVATE USE                            [RFC4306]

     For Transform Type 1 (Encryption Algorithm), 
     defined Transform IDs are:
     Number    Name                                Reference
     ------    ---------------------------------   ---------
          0    RESERVED                            [RFC4306]
          1    ENCR_DES_IV64                       [RFC1827]
          2    ENCR_DES                            [RFC2405]
          3    ENCR_3DES                           [RFC2451]
          4    ENCR_RC5                            [RFC2451]
          5    ENCR_IDEA                           [RFC2451]
          6    ENCR_CAST                           [RFC2451]
          7    ENCR_BLOWFISH                       [RFC2451]
          8    ENCR_3IDEA                          [RFC2451]
          9    ENCR_DES_IV32                       [RFC4306]
         10    RESERVED                            [RFC4306]
         11    ENCR_NULL                           [RFC2410]
         12    ENCR_AES_CBC                        [RFC3602]
         13    ENCR_AES_CTR                        [RFC3686]
         14    ENCR_AES-CCM_8                      [RFC4309]
         15    ENCR-AES-CCM_12                     [RFC4309]
         16    ENCR-AES-CCM_16                     [RFC4309]
         17    UNASSIGNED
         18    AES-GCM with a 8 octet ICV          [RFC4106]
         19    AES-GCM with a 12 octet ICV         [RFC4106]
         20    AES-GCM with a 16 octet ICV         [RFC4106]
         21    ENCR_NULL_AUTH_AES_GMAC             [RFC4543]
         22    RESERVED for IEEE P1619 XTS-AES     [Ball]
    23-1023    RESERVED TO IANA                    [RFC4306]
 1024-65535    PRIVATE USE                         [RFC4306]

     For Transform Type 2 (Pseudo-random Function), 
     defined Transform IDs are:
     Number    Name                                Reference
     ------    ---------------------------------   ---------
          0    RESERVED                            [RFC4306]
          1    PRF_HMAC_MD5                        [RFC2104]
          2    PRF_HMAC_SHA1                       [RFC2104]
          3    PRF_HMAC_TIGER                      [RFC2104]
          4    PRF_AES128_CBC                      [RFC4434]
          5    PRF_HMAC_SHA2_256                   [RFC4868]
          6    PRF_HMAC_SHA2_384                   [RFC4868]
          7    PRF_HMAC_SHA2_512                   [RFC4868]
          8    PRF_AES128_CMAC                     [RFC4615]
     9-1023    RESERVED TO IANA                    [RFC4306]
 1024-65535    PRIVATE USE                         [RFC4306]

     For Transform Type 3 (Integrity Algorithm), 
     defined Transform IDs are:
     Number    Name                                Reference
     ------    ---------------------------------   ---------
          0    NONE                                [RFC4306]
          1    AUTH_HMAC_MD5_96                    [RFC2403]
          2    AUTH_HMAC_SHA1_96                   [RFC2404]
          3    AUTH_DES_MAC                        [RFC4306]
          4    AUTH_KPDK_MD5                       [RFC1826]
          5    AUTH_AES_XCBC_96                    [RFC3566]
          6    AUTH_HMAC_MD5_128                   [RFC4595]
          7    AUTH_HMAC_SHA1_160                  [RFC4595]
          8    AUTH_AES_CMAC_96                    [RFC4494]
          9    AUTH_AES_128_GMAC                   [RFC4543]
         10    AUTH_AES_192_GMAC                   [RFC4543]
         11    AUTH_AES_256_GMAC                   [RFC4543]
         12    AUTH_HMAC_SHA2_256_128              [RFC4868]
         13    AUTH_HMAC_SHA2_384_192              [RFC4868]
         14    AUTH_HMAC_SHA2_512_256              [RFC4868]
    15-1023    RESERVED TO IANA                    [RFC4306]
 1024-65535    PRIVATE USE                         [RFC4306]

     For Transform Type 4 (Diffie-Hellman Group), 
     defined Transform IDs are:
     Number    Name                                Reference
     ------    ---------------------------------   ---------
          0    NONE                                [RFC4306]
        1-2    Defined in Appendix B               [RFC4306]    
        3-4    RESERVED                            [RFC4306]
          5    Defined in [RFC3526]                [RFC3526]
       6-13    RESERVED TO IANA                    [RFC4306]
      14-18    Defined in [RFC3526]                [RFC3526]
         19    256-bit random ECP group            [RFC4753]
         20    384-bit random ECP group            [RFC4753]
         21    521-bit random ECP group            [RFC4753]
         22    1024-bit MODP Group with 160-bit    [RFC5114]
               Prime Order Subgroup
         23    2048-bit MODP Group with 224-bit    [RFC5114]
               Prime Order Subgroup
         24    2048-bit MODP Group with 256-bit    [RFC5114]
               Prime Order Subgroup
         25    192-bit Random ECP Group            [RFC5114]
         26    224-bit Random ECP Group            [RFC5114]
    27-1023    RESERVED TO IANA                    [RFC4306] 
 1024-65535    PRIVATE USE                         [RFC4306]

     For Transform Type 5 (Extended Sequence Numbers), 
     defined Transform IDs are:
     Number    Name                                Reference
     ------    ---------------------------------   ---------
          0    No Extended Sequence Numbers        [RFC4306]
          1    Extended Sequence Numbers           [RFC4306] 
    2-65535    RESERVED                            [RFC4306]

IKEv2 Identification Payload ID Types 
 Value    ID Type                                Reference
-------   -----------------------------------    ---------
      0   RESERVED                               [RFC4306]
      1   ID_IPV4_ADDR                           [RFC4306]
      2   ID_FQDN                                [RFC4306]
      3   ID_RFC822_ADDR                         [RFC4306]
      4   Reserved to IANA                       [RFC4306]
      5   ID_IPV6_ADDR                           [RFC4306]
    6-8   Reserved to IANA                       [RFC4306]
      9   ID_DER_ASN1_DN                         [RFC4306]
     10   ID_DER_ASN1_GN                         [RFC4306]
     11   ID_KEY_ID                              [RFC4306]
     12   ID_FC_NAME                             [RFC4595]
 13-200   RESERVED TO IANA                       [RFC4306]
201-255   PRIVATE USE                            [RFC4306]


IKEv2 Certificate Encodings 
 Value     Certificate Encoding                 Reference
-------    --------------------                 ---------
       0   RESERVED                             [RFC4306]   
       1   PKCS #7 wrapped X.509 certificate    [RFC4306]  
       2   PGP Certificate                      [RFC4306]  
       3   DNS Signed Key                       [RFC4306]  
       4   X.509 Certificate - Signature        [RFC4306]  
       5   RESERVED                             [RFC4306]   
       6   Kerberos Token                       [RFC4306]  
       7   Certificate Revocation List (CRL)    [RFC4306]  
       8   Authority Revocation List (ARL)      [RFC4306]  
       9   SPKI Certificate                     [RFC4306]  
      10   X.509 Certificate - Attribute        [RFC4306]  
      11   Raw RSA Key                          [RFC4306]  
      12   Hash and URL of X.509 certificate    [RFC4306] 
      13   Hash and URL of X.509 bundle         [RFC4306]  
      14   OCSP Content                         [RFC4806]
  15-200   RESERVED TO IANA                     [RFC4306] 
 201-255   PRIVATE USE                          [RFC4306] 


IKEv2 Authentication Method 
 Value   Authentication Method                       Reference
-------  ------------------------------------------  ---------
      0  RESERVED                                    [RFC4306] 
      1  RSA Digital Signature                       [RFC4306] 
      2  Shared Key Message Integrity Code           [RFC4306]
      3  DSS Digital Signature                       [RFC4306]
    4-8  RESERVED TO IANA                            [RFC4306]
      9  ECDSA with SHA-256 on the P-256 curve       [RFC4754]
     10  ECDSA with SHA-384 on the P-384 curve       [RFC4754]
     11  ECDSA with SHA-512 on the P-521 curve       [RFC4754]
 12-200  RESERVED TO IANA                            [RFC4306]
201-255  PRIVATE USE                                 [RFC4306]

IKEv2 Notify Message Types 

   Value      NOTIFY MESSAGES - ERROR TYPES     Reference
 ----------   -----------------------------     ---------       
          0   RESERVED                          [RFC4306]
          1   UNSUPPORTED_CRITICAL_PAYLOAD      [RFC4306]
        2-3   RESERVED                          [RFC4306]
          4   INVALID_IKE_SPI                   [RFC4306]
          5   INVALID_MAJOR_VERSION             [RFC4306]
          6   RESERVED                          [RFC4306]
          7   INVALID_SYNTAX                    [RFC4306]
          8   RESERVED                          [RFC4306]
          9   INVALID_MESSAGE_ID                [RFC4306]
         10   RESERVED                          [RFC4306]
         11   INVALID_SPI                       [RFC4306]
      12-13   RESERVED                          [RFC4306]
         14   NO_PROPOSAL_CHOSEN                [RFC4306]
      15-16   RESERVED                          [RFC4306]
         17   INVALID_KE_PAYLOAD                [RFC4306]
      18-23   RESERVED                          [RFC4306]
         24   AUTHENTICATION_FAILED             [RFC4306]
      25-33   RESERVED                          [RFC4306]
         34   SINGLE_PAIR_REQUIRED              [RFC4306]
         35   NO_ADDITIONAL_SAS                 [RFC4306]
         36   INTERNAL_ADDRESS_FAILURE          [RFC4306]
         37   FAILED_CP_REQUIRED                [RFC4306]
         38   TS_UNACCEPTABLE                   [RFC4306]
         39   INVALID_SELECTORS                 [RFC4306]
         40   UNACCEPTABLE_ADDRESSES            [RFC4555]
         41   UNEXPECTED_NAT_DETECTED           [RFC4555]
         42   USE_ASSIGNED_HoA                  [RFC5026]
    43-8191   RESERVED TO IANA - Error types    [RFC4306]
 8192-16383   PRIVATE USE - Error types         [RFC4306]

   Value      NOTIFY MESSAGES - STATUS TYPES    Reference
-----------   ------------------------------    ---------       
      16384   INITIAL_CONTACT                   [RFC4306]             
      16385   SET_WINDOW_SIZE                   [RFC4306]
      16386   ADDITIONAL_TS_POSSIBLE            [RFC4306]
      16387   IPCOMP_SUPPORTED                  [RFC4306]
      16388   NAT_DETECTION_SOURCE_IP           [RFC4306]         
      16389   NAT_DETECTION_DESTINATION_IP      [RFC4306]       
      16390   COOKIE                            [RFC4306]       
      16391   USE_TRANSPORT_MODE                [RFC4306]       
      16392   HTTP_CERT_LOOKUP_SUPPORTED        [RFC4306]       
      16393   REKEY_SA                          [RFC4306]       
      16394   ESP_TFC_PADDING_NOT_SUPPORTED     [RFC4306]      
      16395   NON_FIRST_FRAGMENTS_ALSO          [RFC4306]       
      16396   MOBIKE_SUPPORTED                  [RFC4555]
      16397   ADDITIONAL_IP4_ADDRESS            [RFC4555]          
      16398   ADDITIONAL_IP6_ADDRESS            [RFC4555]   
      16399   NO_ADDITIONAL_ADDRESSES           [RFC4555]      
      16400   UPDATE_SA_ADDRESSES               [RFC4555]     
      16401   COOKIE2                           [RFC4555]
      16402   NO_NATS_ALLOWED                   [RFC4555]         
      16403   AUTH_LIFETIME                     [RFC4478]
      16404   MULTIPLE_AUTH_SUPPORTED           [RFC4739]
      16405   ANOTHER_AUTH_FOLLOWS              [RFC4739]
16406-40959   RESERVED TO IANA - Status types   [RFC4306]  
40960-65535   PRIVATE USE - Status types        [RFC4306]   

IKEv2 Notification IPCOMP Transform IDs 
Value      Compression Type        Reference
-------    -----------------       ---------
      0    RESERVED                [RFC4306]
      1    IPCOMP_OUI              [RFC4306]
      2    IPCOMP_DEFLATE          [RFC2394]
      3    IPCOMP_LZS              [RFC2395]
      4    IPCOMP_LZJH             [RFC3051]
  5-240    RESERVED TO IANA        [RFC4306] 
241-255    PRIVATE USE             [RFC4306]

IKEv2 Security Protocol Identifiers 
Protocol ID   Protocol                Reference
-----------   ----------------------  ---------
          0   RESERVED                [RFC4306]
          1   IKE                     [RFC4306]
          2   AH                      [RFC4306]
          3   ESP                     [RFC4306]
          4   FC_ESP_HEADER           [RFC4595]
          5   FC_CT_AUTHENTICATION    [RFC4595]
      6-200   RESERVED TO IANA        [RFC4306]
    201-255   PRIVATE USE             [RFC4306]


IKEv2 Traffic Selector Types 
 Value    TS Type                                       Reference
-------   --------------------------------------------  ---------
    0-6   RESERVED                                      [RFC4306]
      7   TS_IPV4_ADDR_RANGE                            [RFC4306]          
      8   TS_IPV6_ADDR_RANGE                            [RFC4306]
      9   TS_FC_ADDR_RANGE                              [RFC4595]
  10-240  RESERVED TO IANA                              [RFC4306]
 241-255  PRIVATE USE                                   [RFC4306]


IKEv2 Configuration Payload CFG Types 
 Value   CFG Type             Reference
-------  -------------------  ---------
      0  RESERVED             [RFC4306]
      1  CFG_REQUEST          [RFC4306]
      2  CFG_REPLY            [RFC4306]
      3  CFG_SET              [RFC4306]
      4  CFG_ACK              [RFC4306]
  5-127  RESERVED TO IANA     [RFC4306]
128-255  PRIVATE USE          [RFC4306]


IKEv2 Configuration Payload Attribute Types 
                                    Multi-
 Value    Attribute Type            Valued  Length          Reference
-------   ------------------------  ------  --------------  ---------
      0   RESERVED                                          [RFC4306]
      1   INTERNAL_IP4_ADDRESS        YES*  0 or 4 octets   [RFC4306]
      2   INTERNAL_IP4_NETMASK        NO    0 or 4 octets   [RFC4306]
      3   INTERNAL_IP4_DNS            YES   0 or 4 octets   [RFC4306]
      4   INTERNAL_IP4_NBNS           YES   0 or 4 octets   [RFC4306]
      5   INTERNAL_ADDRESS_EXPIRY     NO    0 or 4 octets   [RFC4306]
      6   INTERNAL_IP4_DHCP           YES   0 or 4 octets   [RFC4306]
      7   APPLICATION_VERSION         NO    0 or more       [RFC4306]
      8   INTERNAL_IP6_ADDRESS        YES*  0 or 17 octets  [RFC4306]
      9   RESERVED                                          [RFC4306]
     10   INTERNAL_IP6_DNS            YES   0 or 16 octets  [RFC4306]
     11   INTERNAL_IP6_NBNS           YES   0 or 16 octets  [RFC4306]
     12   INTERNAL_IP6_DHCP           YES   0 or 16 octets  [RFC4306]
     13   INTERNAL_IP4_SUBNET         YES   0 or 8 octets   [RFC4306]
     14   SUPPORTED_ATTRIBUTES        NO    Multiple of 2   [RFC4306]
     15   INTERNAL_IP6_SUBNET         YES   17 octets       [RFC4306]
     16   MIP6_HOME_PREFIX            YES   0 or 21 octets  [RFC5026]
17-16383  RESERVED TO IANA                                  [RFC4306]
16384-32767 PRIVATE USE                                     [RFC4306]
            
* These attributes may be multi-valued on return only if
  multiple values were requested.

References
----------
[RFC1826]   R. Atkinson, "IP Authentication Header", RFC 1826, August 1995.

[RFC1827]   R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 1827,
            August 1995.

[RFC2104]   H. Krawczyk, M. Bellare, and R. Canetti, "HMAC: Keyed-Hashing for 
            Message Authentication", RFC 2104, February 1997.

[RFC2394]   R. Pereira, "IP Payload Compression Using DEFLATE", RFC 2394,
            December 1998.

[RFC2395]   R. Friend and R. Monsour, "IP Payload Compression Using LZS", 
            RFC 2395, December 1998.

[RFC2403]   C. Madson and R. Glenn, "The Use of HMAC-MD5-96 within ESP and AH",
            RFC 2403, November 1998.     

[RFC2404]   C. Madson and R. Glenn, "The Use of HMAC-SHA-1-96 within ESP and AH",
            RFC 2404, November 1998.

[RFC2405]   C. Madson and N. Doraswamy, "The ESP DES-CBC Cipher Algorithm
            With Explicit IV", RFC 2405, November 1998.                 

[RFC2410]   R. Glenn and S. Kent, "The NULL Encryption Algorithm and Its Use 
            With IPsec", November 1998.

[RFC2451]   K. Poduri and K. Nichols, "Simulation Studies of Increased Initial 
            TCP Window Size", RFC 2451, September 1998.

[RFC3051]   J. Heath and J. Border, "IP Payload Compression Using ITU-T V.44 
            Packet Method", RFC 3051, January 2001.

[RFC3526]   T. Kivinen and M. Kojo, "More Modular Exponential (MODP) 
            Diffie-Hellman groups for Internet Key Exchange (IKE)",
            RFC 3526, May 2003.

[RFC3566]   S. Frankel and H. Herbert, "The AES-XCBC-MAC-96 Algorithm and 
            Its Use With IPsec", RFC 3566, September 2003.

[RFC3602]   S. Frankel, R. Glenn, and S. Kelly, "The AES-CBC Cipher 
            Algorithm and Its Use with IPsec", RFC 3602, September 2003.

[RFC3686]   R. Housley, "Using Advanced Encryption Standard (AES) Counter Mode
            With IPsec Encapsulating Security Payload (ESP)", RFC 3686, January 2004.

[RFC4106]  J. Viega and D. McGrew, "The Use of Galois/Counter Mode (GCM) in IPsec ESP",
           RFC 4106, June 2005.

[RFC4306]  C. Kaufman, Ed., "Internet Key Exchange (IKEv2) Protocol",
           RFC 4306, December 2005.

[RFC4309]  R. Housley, "Using AES CCM Mode With IPsec E", RFC 4309, December 2005.

[RFC4434]  P. Hoffman, "The AES-XCBC-PRF-128 Algorithm for the Internet Key 
            Exchange Protocol (IKE)", RFC 4434, February 2006.

[RFC4595]  F. Maino and D. Black, "Use of IKEv2 in The Fibre Channel Security 
           Association Management Protocol", RFC 4595, July 2006.

[RFC4494]  J. Song, R. Poovendran and J. Lee, "The AES-CMAC-96 Algorithm and 
           its use with IPsec", RFC 4494, June 2006.

[RFC4555]  P. Eronen, "IKEv2 Mobility and Multihoming Protocol (MOBIKE)", RFC 4555,
           June 2006.

[RFC4478]  Y. Nir, "Repeated Authentication in IKEv2", RFC 4478, April 2006.

[RFC4543]  D. McGrew and J. Viega, "The Use of Galois Message Authentication 
           Code (GMAC) in IPsec ESP and AH", RFC 4543, May 2006.

[RFC4615]  J. Song, R. Poovendran, J. Lee and T. Iwata, "The AES-CMAC-PRF-128 
           Algorithm for the Internet Key Exchange Protocol (IKE)", RFC 4615,
           August 2006.

[RFC4739]  P. Eronen, J. Korhonen, "Multiple Authentication Exchanges 
           in IKEv2", RFC 4739, November 2006.

[RFC4753]  D. Fu, J. Solinas, "ECP Groups For IKE and IKEv2",
           RFC 4753, January 2007.

[RFC4754]  D. Fu, J. Solinas, "IKE and IKEv2 Authentication Using ECDSA",
           RFC 4754, January 2007.
 
[RFC4806]  M. Myers, H. Tschofenig, "OCSP Extensions to IKEv2", 
           RFC 4806, February 2007.

[RFC4868]  S. Kelly, S. Frankel, "Using HMAC-SHA-256, HMAC-SHA-384, 
           and HMAC-SHA-512 With IPsec", RFC 4868, May 2007.

[RFC5026]  G. Giaretta, Ed., J. Kempf and V. Devarapalli, Ed., "Mobile IPv6 
           bootstrapping in split scenario", RFC 5026, October 2007.

[RFC5114]  M. Lepinski, S. Kent, "Additional Diffie-Hellman Groups for use 
           with IETF Standards", RFC 5114, January 2008.

People
------
[Ball]  Matt Ball, <matt.ball&ieee.org>, 2007-10-11.

(registry created 2005-01-18)

[]


