HP-UX IPSec version A.02.01 Administrator's Guide
Product Specifications
IPsec RFCs
Appendix A4
RFC 3775 IKE Identity Payload Requirement
RFC 3775, Mobility Support in IPv6, section 5.1, Binding Updates to
Home Agents, contains the following mandatory specification for IKE
identities:
The ID_IPV6_ADDR Identity Payload MUST NOT be used in
IKEv1 phase 1.
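The check this requirement implies, as an added example that is not part of this guide or of HP-UX IPSec: a Python parser for a decrypted ISAKMP Identification payload that rejects ID_IPV6_ADDR as an IKEv1 phase 1 identity. The ID type numbers are taken from the IPsec DOI (RFC 2407); the function names and sample payloads are constructed for illustration.

```python
import ipaddress
import struct

# ID type numbers from the IPsec DOI (RFC 2407); not listed in this guide.
ID_TYPES = {
    1: "ID_IPV4_ADDR", 2: "ID_FQDN", 3: "ID_USER_FQDN",
    4: "ID_IPV4_ADDR_SUBNET", 5: "ID_IPV6_ADDR", 6: "ID_IPV6_ADDR_SUBNET",
    7: "ID_IPV4_ADDR_RANGE", 8: "ID_IPV6_ADDR_RANGE",
    9: "ID_DER_ASN1_DN", 10: "ID_DER_ASN1_GN", 11: "ID_KEY_ID",
}
FORBIDDEN_IN_PHASE1 = {"ID_IPV6_ADDR"}  # RFC 3775, section 5.1


def build_id_payload(id_type, data):
    """Build a constructed sample payload (hypothetical helper)."""
    return struct.pack("!BBHBBH", 0, 0, 8 + len(data), id_type, 0, 0) + data


def parse_id_payload(buf):
    """Parse a decrypted ISAKMP Identification payload.

    Layout: next payload (1 byte), reserved (1), payload length (2),
    ID type (1), protocol ID (1), port (2), identification data.
    """
    if len(buf) < 8:
        raise ValueError("truncated payload header")
    _nxt, _rsv, length, id_type, _proto, _port = struct.unpack("!BBHBBH", buf[:8])
    if length < 8 or length > len(buf):
        raise ValueError("payload length field out of range")
    if id_type not in ID_TYPES:
        raise ValueError("unknown ID type %d" % id_type)
    return ID_TYPES[id_type], buf[8:length]


def check_phase1_id(buf):
    """Return (accepted, detail) for a Mobile IPv6 IKEv1 phase 1 identity."""
    try:
        name, _data = parse_id_payload(buf)
    except ValueError as exc:
        return False, "malformed: %s" % exc
    if name in FORBIDDEN_IN_PHASE1:
        return False, "%s MUST NOT be used in IKEv1 phase 1" % name
    return True, name


# Constructed sample payloads (not captured traffic).
SAMPLE_FQDN = build_id_payload(2, b"mn1.example.net")
SAMPLE_IPV6 = build_id_payload(5, ipaddress.IPv6Address("2001:db8::1").packed)
```

Malformed or truncated payloads are rejected rather than passed through, so a bad length field cannot be used to skip the identity type check.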
RFC 3776 Mandatory Support
RFC 3776, Using IPsec to Protect Mobile IPv6 Signaling Between Mobile
Nodes and Home Agents, section 4.1, Mandatory Support, contains the
following mandatory support specifications for securing Mobile IPv6
packets:
The following requirements apply to both home agents and mobile
nodes:
• Manual configuration of IPsec security associations MUST be
supported. The configuration of the keys is expected to take
place out-of-band, for instance at the time the mobile node is
configured to use its home agent.
• Automatic key management with IKE [4] MAY be supported.
Only IKEv1 is discussed in this document. Other automatic key
management mechanisms exist and will appear beyond IKEv1,
but this document does not address the issues related to them.
• ESP encapsulation of Binding Updates and
Acknowledgements between the mobile node and home agent
MUST be supported and MUST be used.
• ESP encapsulation of the Home Test Init and Home Test
messages tunneled between the mobile node and home agent
MUST be supported and SHOULD be used.
• ESP encapsulation of the ICMPv6 messages related to prefix
discovery MUST be supported and SHOULD be used.
• ESP encapsulation of the payload packets tunneled between the
mobile node and home agent MAY be supported and used.
• If multicast group membership control protocols or stateful
address autoconfiguration protocols are supported, payload
data protection MUST be supported for those protocols.