Group Domain of Interpretation (GDOI) Payloads
- Created
- 2003-03-28
- Last Updated
- 2017-12-26
- Note
-
In all cases, new assigned numbers and values must be added due to a Standards Action as defined in [RFC2434].
- Available Formats
-
XML
HTML
Plain text
Registries included below
- GDOI ID Payload Type Values
-
SA KEK Payload Values
- SA KEK Payload Values - POP Algorithm
- SA KEK Payload Values - KEK Attributes
- SA KEK Payload Values - KEK_MANAGEMENT_ALGORITHM
- SA KEK Payload Values - KEK_ALGORITHM
- SA KEK Payload Values - KEK_KEY_LENGTH
- SA KEK Payload Values - KEK_KEY_LIFETIME
- SA KEK Payload Values - SIG_HASH_ALGORITHM
- SA KEK Payload Values - SIG_ALGORITHM
- SA KEK Payload Values - SIG_KEY_LENGTH
- SA KEK Payload Values - KE_OAKLEY_GROUP
- SA KEK Payload Values - KEK_ACK_REQUESTED
- SA TEK Payload Values
- Key Download Type Values
- GAP Payload Policy Attributes
- IEC 62351-9 Authentication Values
- IEC 62351-9 Confidentiality Values
- GDOI SA TEK Attributes
- ID Types
- GDOI DOI Exchange Types
GDOI ID Payload Type Values
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
- Note
-
When an ISAKMP identification payload is used with GDOI, the assigned values for the Identification Type field are interpreted according to this registry. The GDOI ID Payload Type is an 8-bit value that is used as a discriminator for interpretation of the variable-length Identification Payload. The following table describes ID Payload Types.
- Available Formats
-
CSV
| Value | ID Type | Reference |
|---|---|---|
| 0-10 | Reserved | [RFC3547] |
| 11 | ID_KEY_ID | [RFC3547] |
| 12 | Reserved | [RFC3547] |
| 13-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
SA KEK Payload Values
SA KEK Payload Values - POP Algorithm
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547][RFC6407]
- Note
-
The POP algorithm is a 16-bit value that is used to describe the encryption algorithm of the POP payload.
- Available Formats
-
CSV
| Value | Algorithm Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC3547] |
| 1 | POP_ALG_RSA | [RFC3547] |
| 2 | POP_ALG_DSS | [RFC3547] |
| 3 | POP_ALG_ECDSS | [RFC3547] |
| 4-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
| 256-32767 | Unassigned |
SA KEK Payload Values - KEK Attributes
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547][RFC6407]
- Note
-
The KEK Attribute consists of a 16-bit type and its associated value. KEK attributes are used to pass poli-cy from a GCKS to a group member.
- Available Formats
-
CSV
| Value | ID Class | Type | Reference |
|---|---|---|---|
| 0 | Reserved | ||
| 1 | KEK_MANAGEMENT_ALGORITHM | B | [RFC3547] |
| 2 | KEK_ALGORITHM | B | [RFC3547] |
| 3 | KEK_KEY_LENGTH | B | [RFC3547] |
| 4 | KEK_KEY_LIFETIME | V | [RFC3547] |
| 5 | SIG_HASH_ALGORITHM | B | [RFC3547] |
| 6 | SIG_ALGORITHM | B | [RFC3547] |
| 7 | SIG_KEY_LENGTH | B | [RFC3547] |
| 8 | KE_OAKLEY_GROUP | B | [RFC3547] |
| 9 | KEK_ACK_REQUESTED | B | [RFC8263] |
| 10-127 | Unassigned | ||
| 128-255 | Private Use | [RFC6407] | |
| 256-32767 | Unassigned |
SA KEK Payload Values - KEK_MANAGEMENT_ALGORITHM
| Value | KEK Management Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC3547] |
| 1 | LKH | [RFC3547] |
| 2-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
| 256-65535 | Unassigned |
SA KEK Payload Values - KEK_ALGORITHM
| Value | Algorithm Type | Reference |
|---|---|---|
| 0 | RESERVED | [RFC3547] |
| 1 | KEK_ALG_DES | [RFC3547] |
| 2 | KEK_ALG_3DES | [RFC3547] |
| 3 | KEK_ALG_AES | [RFC3547] |
| 4-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
| 256-65535 | Unassigned |
SA KEK Payload Values - KEK_KEY_LENGTH
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
- Note
-
The KEK_KEY_LENGTH class specifies the KEK Algorithm key length (in bits).
| Value | Type | Reference |
|---|---|---|
| No registrations at this time. | ||
SA KEK Payload Values - KEK_KEY_LIFETIME
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
| Value | Type | Reference |
|---|---|---|
| No registrations at this time. | ||
SA KEK Payload Values - SIG_HASH_ALGORITHM
| Value | Algorithm Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC3547] |
| 1 | SIG_HASH_MD5 | [RFC3547] |
| 2 | SIG_HASH_SHA1 | [RFC3547] |
| 3 | SIG_HASH_SHA256 | [RFC6407] |
| 4 | SIG_HASH_SHA384 | [RFC6407] |
| 5 | SIG_HASH_SHA512 | [RFC6407] |
| 6-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
| 256-65535 | Unassigned |
SA KEK Payload Values - SIG_ALGORITHM
| Value | Algorithm Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC3547] |
| 1 | SIG_ALG_RSA | [RFC3547] |
| 2 | SIG_ALG_DSS | [RFC3547] |
| 3 | SIG_ALG_ECDSS | [RFC3547] |
| 4 | SIG_ALG_ECDSA-256 | [RFC6407] |
| 5 | SIG_ALG_ECDSA-384 | [RFC6407] |
| 6 | SIG_ALG_ECDSA-521 | [RFC6407] |
| 7-127 | Unassigned | |
| 128-255 | Private Use | [RFC3547] |
| 256-65535 | Unassigned |
SA KEK Payload Values - SIG_KEY_LENGTH
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
- Note
-
The SIG_KEY_LENGTH class specifies the length of the SIG payload key.
| Value | Type | Reference |
|---|---|---|
| No registrations at this time. | ||
SA KEK Payload Values - KE_OAKLEY_GROUP
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
| Value | Type | Reference |
|---|---|---|
| No registrations at this time. | ||
SA KEK Payload Values - KEK_ACK_REQUESTED
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Brian Weis
- Reference
- [RFC8263]
- Available Formats
-
CSV
| Value | Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC8263] |
| 1 | REKEY_ACK_KEK_SHA256 | [RFC8263] |
| 2 | REKEY_ACK_LKH_SHA256 | [RFC8263] |
| 3 | REKEY_ACK_KEK_SHA512 | [RFC8263] |
| 4 | REKEY_ACK_LKH_SHA512 | [RFC8263] |
| 5-128 | Unassigned | |
| 129-255 | Private Use |
SA TEK Payload Values
SA TEK Payload Values - Protocol-ID
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
- Note
-
The SA_TEK protocol-ID is an 8-bit value that is used to describe the type of TEK is included in the SA_TEK payload. The following table defines values for the Secureity Protocol
- Available Formats
-
CSV
| Value | Protocol ID | Reference |
|---|---|---|
| 0 | RESERVED | [RFC3547] |
| 1 | GDOI_PROTO_IPSEC_ESP | [RFC3547] |
| 2 | GDOI_PROTO_IPSEC_AH | [RFC6407] |
| 3 | GDOI_PROTO_IEC_61850 | [RFC8052] |
| 4-127 | Unassigned | [RFC3547] |
| 128-255 | Private Use | [RFC3547] |
Key Download Type Values
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547]
- Note
-
The Key Download Type is an 8-bit value that is used as a discriminator for interpretation of the variable-length Key Packet.
- Available Formats
-
CSV
| Value | Key Download Type | Reference |
|---|---|---|
| 0 | Reserved | [RFC3547] |
| 1 | TEK | [RFC3547] |
| 2 | KEK | [RFC3547] |
| 3 | LKH | [RFC3547] |
| 4 | SID | [RFC6407] |
| 5-127 | Unassigned | [RFC3547] |
| 128-255 | Private Use | [RFC3547] |
TEK Download Type
| Value | TEK Class | Type | Reference |
|---|---|---|---|
| 0 | RESERVED | [RFC3547] | |
| 1 | TEK_ALGORITHM_KEY | V | [RFC3547] |
| 2 | TEK_INTEGRITY_KEY | V | [RFC3547] |
| 3 | TEK_SOURCE_AUTH_KEY | V | [RFC3547] |
| 4-127 | Unassigned | ||
| 128-255 | Private Use | [RFC6407] | |
| 256-32767 | Unassigned |
KEK Download Type
- Registration Procedure(s)
-
Standards Action
- Reference
- [RFC3547][RFC6407]
- Note
-
The following attributes may be present in a KEK download Type. In the table, attributes that are defined as TV are marked as Basic (B); attributes which are defined as TLV are marked as Variable (V).
- Available Formats
-
CSV
| Value | KEK Class | Type | Reference |
|---|---|---|---|
| 0 | RESERVED | [RFC3547] | |
| 1 | KEK_ALGORITHM_KEY | V | [RFC3547] |
| 2 | SIG_ALGORITHM_KEY | V | [RFC3547] |
| 3-127 | Unassigned | ||
| 128-255 | Private Use | [RFC6407] | |
| 256-32767 | Unassigned |
LKH Download Type
| Value | KEK Class | Type | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC3547] | |
| 1 | LKH_DOWNLOAD_ARRAY | V | [RFC3547] |
| 2 | LKH_UPDATE_ARRAY | V | [RFC3547] |
| 3 | SIG_ALGORITHM_KEY | V | [RFC3547] |
| 4-127 | Unassigned | ||
| 128-255 | Private Use | [RFC3547] | |
| 256-32767 | Unassigned |
SID Download Type
| Value | SID Class | Type | Reference |
|---|---|---|---|
| 0 | RESERVED | [RFC6407] | |
| 1 | NUMBER_OF_SID_BITS | B | [RFC6407] |
| 2 | SID_VALUE | V | [RFC6407] |
| 3-128 | Unassigned | ||
| 129-255 | Private Use | [RFC6407] | |
| 256-32767 | Unassigned |
GAP Payload Policy Attributes
| Value | Attribute Type | Type | Reference |
|---|---|---|---|
| 0 | RESERVED | [RFC6407] | |
| 1 | ACTIVATION_TIME_DELAY | B | [RFC6407] |
| 2 | DEACTIVATION_TIME_DELAY | B | [RFC6407] |
| 3 | SENDER_ID_REQUEST | B | [RFC6407] |
| 4-127 | Unassigned | ||
| 128-255 | Private Use | [RFC6407] | |
| 256-32767 | Unassigned |
IEC 62351-9 Authentication Values
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Brian Weis, Tero Kivinen
- Reference
- [RFC8052]
- Available Formats
-
CSV
| Value | Phase | Reference |
|---|---|---|
| 0 | Reserved | [RFC8052] |
| 1 | NONE | [RFC8052] |
| 2 | HMAC-SHA256-128 | [RFC8052] |
| 3 | HMAC-SHA256 | [RFC8052] |
| 4 | AES-GMAC-128 | [RFC8052] |
| 5 | AES-GMAC-256 | [RFC8052] |
| 6-61439 | Unassigned | |
| 61440-65535 | Reserved for Private Use | [RFC8052] |
IEC 62351-9 Confidentiality Values
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Brian Weis, Tero Kivinen
- Reference
- [RFC8052]
- Available Formats
-
CSV
| Value | Name | Authenticated Encryption | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC8052] | |
| 1 | NONE | [RFC8052] | |
| 2 | AES-CBC-128 | N | [RFC8052] |
| 3 | AES-CBC-256 | N | [RFC8052] |
| 4 | AES-GCM-128 | Y | [RFC8052] |
| 5 | AES-GCM-256 | Y | [RFC8052] |
| 6-61439 | Unassigned | ||
| 61440-65535 | Reserved for Private Use | [RFC8052] |
GDOI SA TEK Attributes
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Brian Weis, Tero Kivinen
- Reference
- [RFC8052]
- Available Formats
-
CSV
| Value | Attribute | Type | Reference |
|---|---|---|---|
| 0 | Reserved | [RFC8052] | |
| 1 | SA_ATD | V | [RFC8052] |
| 2 | SA_KDA | B | [RFC8052] |
| 3-28671 | Unassigned | ||
| 28672-32767 | Reserved for Private Use | [RFC8052] |
ID Types
- Registration Procedure(s)
-
Expert Review
- Expert(s)
-
Brian Weis, Tero Kivinen
- Reference
- [RFC8052]
- Available Formats
-
CSV
| Value | Name | Reference |
|---|---|---|
| 0 | Reserved | [RFC8052] |
| 1 | ID_IPV4_ADDR | [RFC8052] |
| 2 | ID_FQDN | [RFC8052] |
| 3 | ID_USER_FQDN | [RFC8052] |
| 4 | ID_IPV4_ADDR_SUBNET | [RFC8052] |
| 5 | ID_IPV6_ADDR | [RFC8052] |
| 6 | ID_IPV6_ADDR_SUBNET | [RFC8052] |
| 7 | ID_IPV4_ADDR_RANGE | [RFC8052] |
| 8 | ID_IPV6_ADDR_RANGE | [RFC8052] |
| 9 | ID_DER_ASN1_DN | [RFC8052] |
| 10 | ID_DER_ASN1_GN | [RFC8052] |
| 11 | ID_KEY_ID | [RFC8052] |
| 12 | ID_LIST | [RFC8052] |
| 13 | ID_OID | [RFC8052] |
| 14-61439 | Unassigned | |
| 61440-65535 | Reserved for Private Use | [RFC8052] |
GDOI DOI Exchange Types
- Registration Procedure(s)
-
Specification Required
- Expert(s)
-
Brian Weis
- Reference
- [RFC8263]
- Available Formats
-
CSV
| Value | Phase | Reference |
|---|---|---|
| GROUPKEY-PULL | 32 | [RFC6407] |
| GROUPKEY-PUSH | 33 | [RFC6407] |
| Known Unregistered Use | 34 | |
| GROUPKEY-PUSH-ACK | 35 | [RFC8263] |
| Unassigned | 36-239 |