IPsec: IKE (Internet Key Exchange)
Charlie Kaufman, Microsoft Corporation
IKE Usage Scenarios
Gateway to Gateway
End Point to Gateway
End Point to End Point
IKE Protocol Handshake
Initial Diffie-Hellman Exchange
Negotiation of Cryptographic Algorithms
Negotiation of Traffic Selectors
Extensions and Variations
Denial of Service Protection
Extended Authentication Protocol
Differences Between IKEv1 and IKEv2
The IPsec (Internet Protocol Security) protocol cryptographically protects messages sent over the Internet on a packet-by-packet basis, as opposed to protocols such as Secure Sockets Layer (SSL) or Secure/Multipurpose Internet Mail Extensions (S/MIME) that encrypt larger messages before those messages are broken into packets. The major advantage of the IPsec approach is that it can be done transparently to applications: the protection can be applied by the underlying operating system, or even by an external networking device, without any change to the applications whose traffic is protected. IPsec is commonly used to tunnel messages between two trusted networks over an untrusted network, where the ultimate sending and receiving machines are not aware that any cryptographic processing has taken place.
For the IPsec end points to protect messages cryptographically, they must first agree on which cryptographic algorithms and keys to use. To detect and discard long delayed and ...
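The detection of delayed and replayed packets that this paragraph begins to describe is done in IPsec with a per-packet sequence number carried in the ESP or AH header and a sliding window kept by the receiver (RFC 4303 section 3.4.3 describes the ESP version; the window must be at least 32 packets wide and is commonly 64). What follows is an added example written for this page, not code from the chapter or from any IPsec implementation: the window size, the constructed packet stream and the integrity-check (ICV) verdicts are assumptions made for illustration. It models the order the standard requires, namely that a packet is checked against the window first, its ICV is verified second, and the window is updated only after both succeed, so that forged packets cannot slide the window forward. Extended sequence numbers (ESN) are not modelled.

```python
"""Sliding-window anti-replay check of the kind IPsec ESP and AH receivers use.

Added example for this page; not the chapter's or any IPsec stack's code.
Assumptions: a 64-packet window, 32-bit sequence numbers without ESN, and a
constructed packet stream with made-up ICV verdicts.
"""


class AntiReplayWindow:
    """Right edge of the window is the highest sequence number accepted so far;
    bit i of `bitmap` records whether sequence number (highest - i) was seen."""

    def __init__(self, size=64):
        if size < 32:
            raise ValueError("RFC 4303 requires an anti-replay window of at least 32")
        self.size = size
        self.highest = 0   # highest accepted sequence number (0 = nothing yet)
        self.bitmap = 0    # `size` bits covering highest-size+1 .. highest

    def check(self, seq):
        """Pure lookup: may this sequence number still be accepted?"""
        if seq == 0:
            return False                     # sender starts at 1, never sends 0
        if seq > self.highest:
            return True                      # ahead of the window: new packet
        diff = self.highest - seq
        if diff >= self.size:
            return False                     # too old: fell off the left edge
        return not (self.bitmap & (1 << diff))   # inside window: replay if bit set

    def update(self, seq):
        """Record seq; call only after check(seq) passed AND the ICV verified."""
        mask = (1 << self.size) - 1
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window right; a jump past the whole window clears it.
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.highest = seq
        else:
            self.bitmap |= 1 << (self.highest - seq)


# Constructed stream of (sequence number, ICV verified?) pairs.  Packet 4 is
# replayed, packet 3 arrives again long after the window moved past it, and
# packet 80 first arrives with a bad ICV (e.g. forged) and then genuinely.
SAMPLE_STREAM = [
    (1, True), (2, True), (3, True), (5, True), (4, True),
    (4, True), (70, True), (3, True), (7, True), (80, False), (80, True),
]


def process_stream(stream, size=64):
    """Run the receiver-side logic over a stream and return one verdict per packet."""
    window = AntiReplayWindow(size)
    verdicts = []
    for seq, icv_ok in stream:
        if not window.check(seq):
            verdicts.append("reject:replay-or-old")
            continue
        if not icv_ok:
            # Do not touch the window: an attacker must not be able to move it.
            verdicts.append("reject:bad-icv")
            continue
        window.update(seq)
        verdicts.append("accept")
    return verdicts


if __name__ == "__main__":
    for (seq, icv_ok), verdict in zip(SAMPLE_STREAM, process_stream(SAMPLE_STREAM)):
        print(f"seq={seq:3d} icv_ok={icv_ok!s:5} -> {verdict}")
```

Note that sequence numbers must never wrap within one security association: when the sender's counter approaches 2^32 (or 2^64 with ESN) the SA must be rekeyed, which is one reason IKE exists.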