Network Working Group R. Thayer
Request for Comments: 2411 Sable Technology Corporation
Category: Informational N. Doraswamy
Bay Networks
R. Glenn
NIST
November 1998
Network Working Group R. Thayer
Request for Comments: 2411 Sable Technology Corporation
Category: Informational N. Doraswamy
Bay Networks
R. Glenn
NIST
November 1998
IP Security Document Roadmap
IP安全文档路线图
Status of this Memo
本备忘录的状况
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
本备忘录为互联网社区提供信息。它没有规定任何类型的互联网标准。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
Abstract
摘要
The IPsec protocol suite is used to provide privacy and authentication services at the IP layer. Several documents are used to describe this protocol suite. The interrelationship and organization of the various documents covering the IPsec protocol are discussed here. An explanation of what to find in which document, and what to include in new Encryption Algorithm and Authentication Algorithm documents are described.
IPsec协议套件用于在IP层提供隐私和身份验证服务。使用了多个文档来描述此协议套件。这里讨论了涉及IPsec协议的各种文档的相互关系和组织。描述了在哪个文档中查找什么,以及在新的加密算法和认证算法文档中包含什么。
Table of Contents
目录
1. Introduction ................................................2
2. Interrelationship of IPsec Documents ........................2
3. Keying Material .............................................4
4. Recommended Content of Algorithm Documents ..................5
4.1 Encryption and Authentication Algorithms ...................5
4.2 Encryption Algorithms ......................................6
4.3 Authentication Algorithms ..................................7
5. Security Considerations .....................................8
6. Acknowledgments .............................................8
7. References ..................................................9
8. Authors' Addresses .........................................10
9. Full Copyright Statement ...................................11
1. Introduction ................................................2
2. Interrelationship of IPsec Documents ........................2
3. Keying Material .............................................4
4. Recommended Content of Algorithm Documents ..................5
4.1 Encryption and Authentication Algorithms ...................5
4.2 Encryption Algorithms ......................................6
4.3 Authentication Algorithms ..................................7
5. Security Considerations .....................................8
6. Acknowledgments .............................................8
7. References ..................................................9
8. Authors' Addresses .........................................10
9. Full Copyright Statement ...................................11
This document is intended to provide guidelines for the development of collateral specifications describing the use of new encryption and authentication algorithms with the ESP protocol, described in [ESP] and new authentication algorithms used with the AH protocol, described in [AH]. ESP and AH are part of the IP Security architecture described in [Arch]. There is a requirement for a well-known procedure that can be used to add new encryption algorithms or authentication algorithms to ESP and AH, not only while the initial document set is undergoing development but after the base documents have achieved RFC status. Following the guidelines discussed below simplifies adding new algorithms and reduces that amount of redundant documentation.
本文件旨在为辅助规范的制定提供指导方针,这些规范描述了[ESP]中所述的ESP协议使用的新加密和认证算法,以及[AH]中所述的AH协议使用的新认证算法。ESP和AH是[Arch]中描述的IP安全体系结构的一部分。不仅在初始文档集正在开发时,而且在基本文档达到RFC状态后,需要一个可用于向ESP和AH添加新加密算法或身份验证算法的众所周知的过程。遵循下面讨论的指导原则可以简化添加新算法的过程,并减少冗余文档的数量。
The goal in writing a new Encryption Algorithm or Authentication Algorithm document is to concentrate on the application of the specific algorithm within ESP and AH. General ESP and AH concepts, definitions, and issues are covered in the ESP and AH documents. The algorithms themselves are not described in these documents. This gives us the capability to add new algorithms and also specify how any given algorithm might interact with other algorithms. The intent is to achieve the goal of avoiding duplication of information and excessive numbers of documents, the so-called "draft explosion" effect.
编写新的加密算法或身份验证算法文档的目的是专注于ESP和AH中特定算法的应用。ESP和AH的一般概念、定义和问题包含在ESP和AH文档中。这些文件中没有描述算法本身。这使我们能够添加新算法,并指定任何给定算法如何与其他算法交互。其目的是实现避免信息重复和文件数量过多的目标,即所谓的“草案爆炸”效应。
The documents describing the set of IPsec protocols are divided into seven groups. This is illustrated in Figure 1. There is a main Architecture document which broadly covers the general concepts, security requirements, definitions, and mechanisms defining IPsec technology.
描述IPsec协议集的文档分为七组。这如图1所示。有一个主要的体系结构文档,它广泛地涵盖了定义IPsec技术的一般概念、安全要求、定义和机制。
There is an ESP Protocol document and an AH Protocol document which covers the packet format and general issues regarding the respective protocols. These protocol documents also contain default values if appropriate, such as the default padding contents, and mandatory to implement algorithms. These documents dictate some of the values in the Domain Of Interpretation document [DOI]. Note the DOI document is itself part of the IANA Assigned Numbers mechanism and so the values described in the DOI are well-known. See [DOI] for more information on the mechanism.
有一份ESP协议文件和一份AH协议文件,其中涵盖了数据包格式和有关各自协议的一般问题。如果合适,这些协议文档还包含默认值,例如默认填充内容,并且是实现算法所必需的。这些文件规定了解释文件[DOI]领域中的一些值。注意DOI文档本身是IANA分配编号机制的一部分,因此DOI中描述的值是众所周知的。有关该机制的更多信息,请参见[DOI]。
The "Encryption Algorithm" document set, shown on the left, is the set of documents describing how various encryption algorithms are used for ESP. These documents are intended to fit in this roadmap, and should avoid overlap with the ESP protocol document and with the
“加密算法”文档集(如左图所示)是描述如何将各种加密算法用于ESP的文档集。这些文档旨在符合本路线图,并且应避免与ESP协议文档和
Authentication Algorithm documents. Examples of this document are the [DES-Detroit] and [CBC] documents. When these or other encryption algorithms are used for ESP, the DOI document has to indicate certain values, such as an encryption algorithm identifier, so these documents provide input to the DOI.
认证算法文档。本文件的示例为[DES Detroit]和[CBC]文件。当这些或其他加密算法用于ESP时,DOI文档必须指示某些值,例如加密算法标识符,因此这些文档向DOI提供输入。
The "Authentication Algorithm" document set, shown on the right, is the set of documents describing how various authentication algorithms are used for both ESP and AH. These documents are intended to fit in this roadmap, and should avoid overlap with the AH protocol document and with the Encryption Algorithm documents. Examples of this document are the [HMAC-MD5], and [HMAC-SHA-1] documents. When these or other algorithms are used for either ESP or AH, the DOI document has to indicate certain values, such as algorithm type, so these documents provide input to the DOI.
右侧显示的“身份验证算法”文档集是一组文档,描述了ESP和AH如何使用各种身份验证算法。这些文档旨在符合此路线图,并且应避免与AH协议文档和加密算法文档重叠。本文件的示例为[HMAC-MD5]和[HMAC-SHA-1]文件。当这些或其他算法用于ESP或AH时,DOI文档必须指示某些值,例如算法类型,因此这些文档向DOI提供输入。
The "Key Management Documents", shown at the bottom, are the documents describing the IETF standards-track key management schemes. These documents provide certain values for the DOI also. Note that issues of key management should be indicated here and not in, for example, the ESP and AH protocol documents. Currently this box represents [ISAKMP], [Oakley], and [Resolution].
底部显示的“密钥管理文件”是描述IETF标准跟踪密钥管理方案的文件。这些文件也为内政部提供了某些价值。请注意,密钥管理问题应在此处指明,而不是在ESP和AH协议文件中指明。目前,此框表示[ISAKMP]、[Oakley]和[Resolution]。
The DOI document, shown in the middle, contains values needed for the other documents to relate to each other. This includes for example encryption algorithms, authentication algorithms, and operational parameters such as key lifetimes.
在中间显示的DOI文档包含其他文档相互关联所需的值。这包括例如加密算法、身份验证算法和操作参数,例如密钥寿命。
+--------------+
| Architecture |
+--------------+
v v
+<-<-<-<-+ +->->->->+
v v
+----------+ +----------+
| ESP | | AH |
| Protocol | | Protocol |
+----------+ +----------+
v v v v
v +->->->->->->->->+ v v
v v v v v
v v v v v
v +------------+ +----------------+ v
v | +------------+ | +----------------+ v
v | | Encryption | | | Authentication | v
v +-| Algorithm | +-| Algorithm | v
v +------------+ +----------------+ v
v v v v
v v +-----+ v v
+>->->->-+->->->->| DOI |<-<-<-<-+-<-<-<-<-+
+-----+
^
^
+------------+
| KEY |
| MANAGEMENT |
+------------+
+--------------+
| Architecture |
+--------------+
v v
+<-<-<-<-+ +->->->->+
v v
+----------+ +----------+
| ESP | | AH |
| Protocol | | Protocol |
+----------+ +----------+
v v v v
v +->->->->->->->->+ v v
v v v v v
v v v v v
v +------------+ +----------------+ v
v | +------------+ | +----------------+ v
v | | Encryption | | | Authentication | v
v +-| Algorithm | +-| Algorithm | v
v +------------+ +----------------+ v
v v v v
v v +-----+ v v
+>->->->-+->->->->| DOI |<-<-<-<-+-<-<-<-<-+
+-----+
^
^
+------------+
| KEY |
| MANAGEMENT |
+------------+
Figure 1. IPsec Document Roadmap.
图1。IPsec文档路线图。
Describing the encryption and authentication algorithms in different documents raises the issue of how the key management protocols knows the required keying material length for the desired algorithms when used together with ESP. It also raises the issue of how to divide the keying material. This is known as the "slicing and dicing" information.
描述不同文档中的加密和身份验证算法会引发一个问题:当与ESP一起使用时,密钥管理协议如何知道所需算法所需的密钥材料长度。这也会引发如何划分密钥材料的问题。这就是所谓的“切片和切割”信息。
Each Encryption Algorithm and Authentication Algorithm document should specify their respective key attributes (e.g. how to pad, location of parity bits, key order for multi-keyed algorithms, and length). The key management protocols should use the length of the keys specified in the respective Algorithm documents to generate the keying material of required length.
每个加密算法和认证算法文档应指定各自的密钥属性(例如,如何填充、奇偶校验位的位置、多密钥算法的密钥顺序和长度)。密钥管理协议应使用各算法文件中指定的密钥长度,以生成所需长度的密钥材料。
The key management protocol generates keying material with enough strength and size to generate keys for individual algorithms. The IPsec Architecture document specifies how keys are extracted from a single block of keying material when multiple keys are required (e.g. ESP with authentication). The Encryption Algorithm and
密钥管理协议生成具有足够强度和大小的密钥材料,以便为各个算法生成密钥。IPsec体系结构文档规定了当需要多个密钥(例如,ESP认证)时,如何从单个密钥材料块中提取密钥。加密算法及其应用
Authentication Algorithm documents are responsible for specifying the key sizes and strengths for each algorithm. However, whether the entire keying material is passed down to the kernel to perform slicing and dicing or if the keys are sliced and diced by key management protocol is an implementation issue. The AH protocol document has no such requirement.
身份验证算法文档负责指定每个算法的密钥大小和强度。然而,是否将整个键控材料传递给内核以执行切片和切分,或者是否通过密钥管理协议对密钥进行切片和切分是一个实现问题。AH协议文件没有此类要求。
The document describing how a specific encryption or authentication algorithm is used should contain information appropriate to that encryption or authentication algorithm. This section enumerates what information should be provided. It is the intention of the document roadmap that:
描述如何使用特定加密或身份验证算法的文档应包含适用于该加密或身份验证算法的信息。本节列举了应提供的信息。文件路线图的意图是:
. General protocol information goes in the respective ESP or AH protocol documents. . Key management information goes in the key management documents. . Assigned values and constants of negotiable items go in the DOI document.
. 一般协议信息在各自的ESP或AH协议文件中。关键管理信息包含在关键管理文档中。可转让项目的赋值和常量记入DOI文档。
Encryption and authentication algorithms require some set of optional parameters or have optional modes of operation (e.g. IVs, authentication data lengths, and key lengths). To help eliminate some complexity involved with key management having to negotiate large numbers of algorithm-specific parameters, encryption and authentication algorithm documents will select fixed values for these parameters when it is deemed technically reasonable and feasible.
加密和身份验证算法需要一些可选参数集或具有可选的操作模式(例如IVs、身份验证数据长度和密钥长度)。为了帮助消除密钥管理必须协商大量特定于算法的参数所涉及的一些复杂性,加密和身份验证算法文档将在技术上合理可行时为这些参数选择固定值。
Note, the following information is intended as a general guideline only.
注意,以下信息仅作为一般指南。
This section describes the information that should be included in both Encryption Algorithm and Authentication Algorithm documents.
本节介绍加密算法和身份验证算法文档中应包含的信息。
Keying Material
键控材料
. Size of keys, including minimum, maximum, recommended and/or required sizes. Note: the security considerations section should address any weakness in specific sizes.
. 钥匙尺寸,包括最小、最大、建议和/或要求的尺寸。注意:安全注意事项部分应解决特定尺寸中的任何弱点。
. Recommended or required pseudo-random number generator techniques and attributes to provide sufficiently strong keys. [RANDOM] provides recommendations on generating strong randomness for use with security. . Format of keying material. . Known weak keys or references to documentation on known weak keys. . Recommended or required processing of input keying material such as parity generation or checking. . Requirements and/or recommendations on how often the keying material should be refreshed.
. 推荐或要求的伪随机数生成器技术和属性,以提供足够强的密钥。[RANDOM]提供有关生成强随机性以用于安全性的建议。键入材料的格式。已知弱密钥或对已知弱密钥文档的引用。建议或要求对输入键控材料进行处理,如奇偶校验生成或检查。关于键控材料刷新频率的要求和/或建议。
Performance Considerations . Any available estimates on performance of this algorithm. . Any available comparison data (e.g., compared against DES or MD5). . Input size or other considerations that could improve or degrade performance.
性能考虑。对该算法性能的任何可用估计。任何可用的比较数据(例如,与DES或MD5进行比较)。可能提高或降低性能的输入大小或其他注意事项。
ESP Environmental Considerations . Any known issues regarding interactions between this algorithm and other aspects of ESP, such as use of certain authentication schemes. Note: As new encryption and authentication algorithms are applied to ESP, the later documents will be required to address interactions with previously specified algorithms.
特别是环境方面的考虑。关于此算法与ESP的其他方面之间的交互的任何已知问题,例如某些身份验证方案的使用。注意:由于新的加密和身份验证算法应用于ESP,因此需要后续文档来解决与先前指定算法的交互。
Payload Content and Format Description . Specification of size, placement, and content of algorithm-specific fields not defined in the ESP or AH protocol documents (e.g., IV).
有效负载内容和格式描述。ESP或AH协议文件(如IV)中未定义的算法特定字段的大小、位置和内容规范。
Security Considerations . Discuss any known attacks. . Discuss any known common implementation pitfalls, such as use of weak random number generators. . Discuss any relevant validation procedures, such as test vectors. [RFC-2202] is an example document containing test vectors for a set of authentication algorithms.
安全考虑。讨论任何已知的攻击。讨论任何已知的常见实现陷阱,例如使用弱随机数生成器。讨论任何相关的验证程序,如测试向量。[RFC-2202]是包含一组认证算法的测试向量的示例文档。
This section describes the information that should be included in the Encryption Algorithm documents.
本节介绍加密算法文档中应包含的信息。
Encryption Algorithm Description . General information how this encryption algorithm is to be used in ESP. . Description of background material and formal algorithm description.
加密算法说明。有关如何在ESP中使用此加密算法的一般信息。背景资料描述和形式化算法描述。
. Features of this encryption algorithm to be used by ESP, including encryption and/or authentication. . Mention of any availability issues such as Intellectual Property considerations. . References, in IETF style, to background material such as FIPS documents.
. ESP使用的此加密算法的功能,包括加密和/或身份验证。提及任何可用性问题,如知识产权方面的考虑。IETF风格的背景资料参考,如FIPS文件。
Algorithm Modes of Operation . Description of how the algorithm is operated, whether it is block mode or streaming mode or other. . Requirements for input or output block format. . Padding requirements of this algorithm. Note: there is a default for padding, specified in the base ESP document, so this is only needed if the default cannot be used. . Any algorithm-specific operating parameters, such as number of rounds. . Identify optional parameters and optional methods of operation and pick reasonable fixed values and methods with explicit technical explanations. . Identify those optional parameters in which values and methods should remain optional with explicit technical explanations on why fixed values and methods should not be used. . Defaults and mandatory ranges on algorithm-specific optional parameters that could not be fixed.
算法操作模式。描述算法的操作方式,无论是块模式、流模式还是其他模式。输入或输出块格式的要求。该算法的填充要求。注意:基本ESP文档中指定了填充的默认值,因此只有在无法使用默认值时才需要填充。任何特定于算法的操作参数,如轮数。确定可选参数和可选操作方法,选择合理的固定值和方法,并提供明确的技术说明。确定那些可选参数,其中值和方法应保持可选,并对不应使用固定值和方法的原因进行明确的技术解释。无法修复的特定于算法的可选参数的默认值和强制范围。
This section describes the information that should be included in the Authentication Algorithm documents. In most cases, an authentication algorithm will operate the same whether it is used for ESP or AH. This should be represented in a single Authentication Algorithm document.
本节介绍身份验证算法文档中应包含的信息。在大多数情况下,无论是用于ESP还是AH,身份验证算法的操作都是相同的。这应该在单个身份验证算法文档中表示。
Authentication Algorithm Description . General information on how this authentication algorithm is to be used with ESP and AH. . Description of background material and formal algorithm description. . Features of this authentication algorithm. . Mention of any availability issues such as Intellectual Property considerations. . References, in IETF style, to background material such as FIPS documents and definitive descriptions of underlying algorithms.
认证算法描述。有关如何将此身份验证算法用于ESP和AH的一般信息。背景资料说明和正式算法说明。此身份验证算法的功能。提及任何可用性问题,如知识产权方面的考虑。IETF风格的背景资料参考,如FIPS文件和底层算法的最终描述。
Algorithm Modes of Operation . Description of how the algorithm is operated.
算法操作模式。描述如何操作该算法。
. Algorithm-specific operating parameters, such as number of rounds, and input or output block format. . Implicit and explicit padding requirements of this algorithm. Note: There is a default method for padding of the authentication data field specified in the AH protocol document. This is only needed if the default cannot be used. . Identify optional parameters and optional methods of operation and pick reasonable fixed values and methods with explicit technical explanations. . Identify those optional parameters in which values and methods should remain optional with explicit technical explanations on why fixed values and methods should not be used. . Defaults and mandatory ranges on algorithm-specific optional parameters that could not be fixed. . Authentication data comparison criteria for this algorithm. Note: There is a default method for verifying the authentication data specified in the AH protocol document. This is only needed if the default cannot be used (e.g. when using a signed hash).
. 特定于算法的操作参数,如轮数和输入或输出块格式。此算法的隐式和显式填充要求。注意:对于AH协议文档中指定的身份验证数据字段,有一种默认填充方法。仅当无法使用默认值时才需要此选项。确定可选参数和可选操作方法,选择合理的固定值和方法,并提供明确的技术说明。确定那些可选参数,其中值和方法应保持可选,并对不应使用固定值和方法的原因进行明确的技术解释。无法修复的特定于算法的可选参数的默认值和强制范围。此算法的身份验证数据比较标准。注意:存在用于验证AH协议文档中指定的身份验证数据的默认方法。仅当无法使用默认值时(例如,使用签名哈希时)才需要此选项。
This document provides a roadmap and guidelines for writing Encryption and Authentication Algorithm documents. The reader should follow all the security procedures and guidelines described in the IPsec Architecture, ESP Protocol, AH Protocol, Encryption Algorithm, and Authentication Algorithm documents. Note that many encryption algorithms are not considered secure if they are not used with some sort of authentication mechanism.
本文档提供了编写加密和身份验证算法文档的路线图和指南。读者应遵循IPsec体系结构、ESP协议、AH协议、加密算法和身份验证算法文档中描述的所有安全过程和指南。请注意,如果许多加密算法没有与某种身份验证机制一起使用,则它们被认为是不安全的。
Several Internet drafts were referenced in writing this document. Depending on where the documents are on (or off) the IETF standards track these may not be available through the IETF RFC repositories. In certain cases the reader may want to know what version of these documents were referenced. These documents are:
在编写本文件时,参考了几份互联网草案。根据文件打开(或关闭)的位置,IETF标准跟踪文件可能无法通过IETF RFC存储库获得。在某些情况下,读者可能想知道引用了这些文档的哪个版本。这些文件是:
. DES-Detroit: this is the ANX Workshop style of ESP, based on the Hughes draft as modified by Cheryl Madson and published on the ANX mailing list. . DOI: draft-ietf-ipsec-ipsec-doi-02.txt. . 3DES: this is <the Triple-DES shim document>. . CAST: this is draft-ietf-ipsec-esp-cast-128-cbc-00.txt, as revised to relate to this document. . ESP: draft-ietf-ipsec-esp-04.txt, mailed to the IETF mailing list in May/June 1997. . AH: draft-ietf-ipsec-auth-05.txt, mailed to the IETF mailing list in May/June 1997.
. DES Detroit:这是ESP的ANX车间风格,基于Cheryl Madson修改的休斯草案,并发布在ANX邮件列表上。DOI:draft-ietf-ipsec-ipsec-DOI-02.txt。3DES:这是<Triple DES shim document>。CAST:这是草案-ietf-ipsec-esp-CAST-128-cbc-00.txt,经修订后与本文件相关。ESP:draft-ietf-ipsec-ESP-04.txt,于1997年5月/6月邮寄至ietf邮件列表。AH:draft-ietf-ipsec-auth-05.txt,于1997年5月/6月邮寄至ietf邮件列表。
. HUGHES: this is draft-ietf-ipsec-esp-des-md5-03.txt . ISAKMP: There are three documents describing ISAKMP. These are draft-ietf-ipsec-isakmp-07.txt, draft-ietf-ipsec-isakmp-oakley-03.txt, and draft-ietf-ipsec-ipsec-doi-02.txt.
. 休斯:这是draft-ietf-ipsec-esp-des-md5-03.txt。ISAKMP:有三个文档描述ISAKMP。它们是draft-ietf-ipsec-isakmp-07.txt、draft-ietf-ipsec-isakmp-oakley-03.txt和draft-ietf-ipsec-ipsec-doi-02.txt。
[CBC] Periera, R., and R. Adams, "The ESP CBC-Mode Cipher Algorithms", RFC 2451, November 1998.
[CBC]Periera,R.和R.Adams,“ESP CBC模式密码算法”,RFC 2451,1998年11月。
[Arch] Kent, S., and R. Atkinson, "Security Architecture for the Internet Protocol", RFC 2401, November 1998.
[Arch]Kent,S.和R.Atkinson,“互联网协议的安全架构”,RFC 2401,1998年11月。
[DES-Detroit] Madson, C., and N. Doraswamy, "The ESP DES-CBC Cipher Algorithm With Explicit IV", RFC 2405, November 1998.
[DES Detroit]Madson,C.和N.Doraswamy,“带显式IV的ESP DES-CBC密码算法”,RFC 2405,1998年11月。
[DOI] Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2407, November 1998.
[DOI]Piper,D.,“ISAKMP解释的互联网IP安全域”,RFC 2407,1998年11月。
[AH] Kent, S., and R. Atkinson, "IP Authentication Header", RFC 2402, November 1998.
[AH]Kent,S.和R.Atkinson,“IP认证头”,RFC 2402,1998年11月。
[ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security Payload (ESP)", RFC 2406, November 1998.
[ESP]Kent,S.和R.Atkinson,“IP封装安全有效负载(ESP)”,RFC 2406,1998年11月。
[HMAC] Krawczyk, K., Bellare, M., and R. Canetti, "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997.
[HMAC]Krawczyk,K.,Bellare,M.和R.Canetti,“HMAC:用于消息身份验证的键控哈希”,RFC 2104,1997年2月。
[HMAC-MD5] Madson, C., and R. Glenn, "The Use of HMAC-MD5 within ESP and AH", RFC 2403, November 1998.
[HMAC-MD5]Madson,C.和R.Glenn,“HMAC-MD5在ESP和AH中的使用”,RFC 2403,1998年11月。
[HMAC-SHA-1] Madson, C., and R. Glenn, "The Use of HMAC-SHA-1 within ESP and AH", RFC 2404, November 1998.
[HMAC-SHA-1]Madson,C.和R.Glenn,“HMAC-SHA-1在ESP和AH中的使用”,RFC 2404,1998年11月。
[RANDOM] Eastlake, D., Crocker, S., and J. Schiller, "Randomness Recommendations for Security", RFC 1750, December 1994.
[RANDOM]Eastlake,D.,Crocker,S.,和J.Schiller,“安全的随机性建议”,RFC 1750,1994年12月。
[RFC-2202] Cheng, P., and R. Glenn, "Test Cases for HMAC-MD5 and HMAC-SHA-1", RFC 2202, March 1997.
[RFC-2202]Cheng,P.和R.Glenn,“HMAC-MD5和HMAC-SHA-1的测试案例”,RFC 2202,1997年3月。
Rodney Thayer Sable Technology Corporation 246 Walnut Street Newton, Massachusetts 02160
罗德尼·塞耶·塞布尔科技公司马萨诸塞州牛顿胡桃街246号02160
EMail: mailto:rodney@sabletech.com
EMail: mailto:rodney@sabletech.com
Naganand Doraswamy Bay Networks
纳加南多拉斯瓦米海湾网络
EMail: naganand@baynetworks.com
EMail: naganand@baynetworks.com
Rob Glenn NIST
罗伯·格伦
EMail: rob.glenn@nist.gov
EMail: rob.glenn@nist.gov
Copyright (C) The Internet Society (1998). All Rights Reserved.
版权所有(C)互联网协会(1998年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。