1.1 Glossary

This document uses the following terms:

Authenticated IP (AuthIP): An Internet Key Exchange (IKE) protocol extension, as specified in [MS-AIPS].

authentication header (AH): An Internet Protocol Security (IPsec) encapsulation mode that provides authentication and message integrity. For more information, see [RFC4302] section 1.

certificate: A certificate is a collection of attributes and extensions that can be stored persistently. The set of attributes in a certificate can vary depending on the intended usage of the certificate. A certificate securely binds a public key to the entity that holds the corresponding private key. A certificate is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. Certificates are digitally signed by the issuing certification authority (CA) and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standards. For more information about attributes and extensions, see [RFC3280] and [X509] sections 7 and 8.

certificate chain: A sequence of certificates, where each certificate in the sequence is signed by the subsequent certificate. The last certificate in the chain is normally a self-signed certificate.

cluster: A group of computers that are able to dynamically assign resource tasks among nodes in a group. The group can be accessed as though they are a single host. A cluster is generally accessed by using a virtual IP address. For more information, see [MSFT-WLBS].

cryptographic hash function: A function that maps an input of any length to a short output bit string of fixed length, such that finding an input that maps to a particular bit string of the correct output length, or even finding two inputs that map to the same output bit string, is computationally infeasible. For more information, see [SCHNEIER] chapters 2 and 18.

cryptographically generated address (CGA): An IPv6 address for which the interface identifiers (the low-order 64 bits) are generated by computing a cryptographic hash function on a public key. The corresponding private key can be used to sign messages sent from this IPv6 address. CGA is specified in [RFC3972].

domain of interpretation (DOI): A domain that defines the manner in which a group of protocols uses the ISAKMP (as specified in[RFC2408]) framework to negotiate security associations (SAs) (for example, identifiers for cryptographic algorithms, interpretation of payload contents, and so on). For example, the Internet Protocol security (IPsec) DOI (as specified in [RFC2407]) defines the use of the ISAKMP framework for protocols that negotiate main mode (MM) and quick mode security associations (SAs). Both Internet Key Exchange (IKE) and AuthIP fall under the IPsec DOI.

Encapsulating Security Payload (ESP): An Internet Protocol security (IPsec) encapsulation mode that provides authentication, data confidentiality, and message integrity. For more information, see [RFC4303] section 1.

exchange: A pair of messages, consisting of a request and a response.

flow: A TCP session or User Datagram Protocol (UDP) pseudo session, identified by a 5-tuple (source and destination IP and ports, and protocol). By extension, a request/response Internet Control Message Protocol (ICMP) exchange (for example, ICMP echo) is also a flow.

Generic Security Services (GSS): An Internet standard, as described in [RFC2743], for providing security services to applications. It consists of an application programming interface (GSS-API) set, as well as standards that describe the structure of the security data.

initiator: The party that sends the first message of an Internet Key Exchange (IKE).

Internet Key Exchange (IKE): The protocol that is used to negotiate and provide authenticated keying material for security associations (SAs) in a protected manner. For more information, see [RFC2409].

Internet Protocol security (IPsec): A framework of open standards for ensuring private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection.

Internet Security Association and Key Management Protocol (ISAKMP): A cryptographic protocol specified in [RFC2408] that defines procedures and packet formats to establish, negotiate, modify and delete security associations (SAs). It forms the basis of the Internet Key Exchange (IKE) protocol, as specified in [RFC2409].

ISAKMP payload: A modular building block for constructing ISAKMP messages. A payload is used to transfer information such as security association (SA) data, or key generation and authentication data. The presence and order of payloads in a packet is defined by and dependent upon the type of exchange specified in the ISAKMP header of the ISAKMP message. For more information, see [RFC2408] section 4.1.

main mode (MM): The first phase of an Internet Key Exchange (IKE) negotiation that performs authentication and negotiates a main mode security association (MM SA) between the peers. For more information, see [RFC2409] section 5.

main mode security association (MM SA): A security association that is used to protect Internet Key Exchange (IKE) traffic between two peers. For more information, see [RFC2408] section 2.

main mode security association database (MMSAD): A database that contains operational state for each main mode (MM) security association (SA). For more information, see [MS-AIPS] section 3.1.1 and [MS-IKEE] section 3.1.1.

maximum transmission unit (MTU): The size, in bytes, of the largest packet that a given layer of a communications protocol can pass onward.

negotiation: A series of exchanges. The successful outcome of a negotiation is the establishment of one or more security associations (SAs). For more information, see [RFC2408] section 2.

negotiation discovery: An Internet Key Exchange (IKE) extension that improves interoperation between Internet Protocol security (IPsec) and non-IPsec-aware hosts. Detecting that the peer host is not capable of IPsec usually involves waiting for the IKE negotiation to time out, then sending traffic in the clear. With negotiation discovery, the host starts the IKE negotiation and sends clear text traffic in parallel. If the IKE negotiation succeeds and security associations (SAs) are established, further traffic is secured.

network address translation (NAT): The process of converting between IP addresses used within an intranet, or other private network, and Internet IP addresses.

nonce: A number that is used only once. This is typically implemented as a random number large enough that the probability of number reuse is extremely small. A nonce is used in authentication protocols to prevent replay attacks. For more information, see [RFC2617].

phase: A series of exchanges that provide a particular set of security services (for example, authentication or creation of security associations (SAs)).

quick mode: The second phase of an Internet Key Exchange (IKE) negotiation, during which the peers negotiate quick mode security associations (QM SAs). For more information, see [RFC2409] section 5.5.

quick mode security association (QM SA): A security association (SA) that is used to protect IP packets between peers (the Internet Key Exchange (IKE) traffic is protected by the main mode security association (MM SA)). For more information, see [RFC2409] section 5.5.

responder: (1) The computer that responds to request messages.

(2) The party that responds to the first message of an IKE exchange.

Rivest-Shamir-Adleman (RSA): A system for public key cryptography. RSA is specified in [RFC8017].

root certificate: A self-signed certificate that identifies the public key of a root certification authority (CA) and has been trusted to terminate a certificate chain.

security association (SA): A simplex "connection" that provides security services to the traffic carried by it. See [RFC4301] for more information.

security association database (SAD): A database that contains parameters that are associated with each established (keyed) security association.

security policy database (SPD): A database that specifies the policies that determine the disposition of all IP traffic inbound or outbound from a host or security gateway.

self-signed certificate: A certificate that is signed by its creator and verified using the public key contained in it. Such certificates are also termed root certificates.

transport mode: An IP encapsulation mechanism, as specified in [RFC4301], that provides Internet Protocol security (IPsec) security for host-to-host communication.

tunnel mode: An IP encapsulation mechanism, as specified in [RFC4301], that provides Internet Protocol security (IPsec) security to tunneled IP packets. IPsec processing is performed by the tunnel endpoints, which can be (but are typically not) the end hosts.

vendor ID payload: A particular type of ISAKMP payload that contains a vendor-defined constant. The constant is used by vendors to identify and recognize remote instances of their implementations. This mechanism allows a vendor to experiment with new features while maintaining backward compatibility. For more information, see [RFC2408] section 3.16.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.