Title: Algorithms for Internet Key Exchange version 1 (IKEv1)
Author(s): P. Hoffman
Status: Standards Track
Date: May 2005
Pages: 5
Updates: 2409
URL: ftp://ftp.rfc-editor.org/in-notes/rfc4109.txt
The required and suggested algorithms in the original Internet Key Exchange version 1 (IKEv1) specification do not reflect the current reality of the IPsec market requirements. The original specification allows weak security and suggests algorithms that are thinly implemented. This document updates RFC 2409, the original specification, and is intended for all IKEv1 implementations deployed today.
Algorithm                   RFC 2409   RFC 4109
---------------------------------------------------------------
DES for encryption          MUST       MAY (crypto weakness)
TripleDES for encryption    SHOULD     MUST
AES-128 for encryption      N/A        SHOULD
MD5 for hashing and HMAC    MUST       MAY (crypto weakness)
SHA1 for hashing and HMAC   MUST       MUST
Tiger for hashing           SHOULD     MAY (lack of deployment)
AES-XCBC-MAC-96 for PRF     N/A        SHOULD
Pre-shared secrets          MUST       MUST
RSA with signatures         SHOULD     SHOULD
DSA with signatures         SHOULD     MAY (lack of deployment)
RSA with encryption         SHOULD     MAY (lack of deployment)
D-H Group 1 (768)           MUST       MAY (crypto weakness)
D-H Group 2 (1024)          SHOULD     MUST
D-H Group 14 (2048)         N/A        SHOULD
D-H elliptic curves         SHOULD     MAY (lack of deployment)