Chapter 7. The Internet Key Exchange

Prior to an IP packet being secured by IPSec, a security association (SA) must exist. The Internet Key Exchange (IKE) creates SAs dynamically on behalf of IPSec and populates and manages the Security Association Database (SADB).

IKE, described in RFC2409, is a hybrid protocol. It is based on a framework defined by the Internet Security Association and Key Management Protocol (ISAKMP), defined in RFC2408, and implements parts of two key management protocols, Oakley and SKEME. In addition, IKE defines two exchanges of its own.

Oakley is a protocol developed by Hilarie Orman, a cryptographer from the University of Arizona. It is a free-form protocol that allows each party to advance the state of the protocol at its ...
