18. IPsec: IKE

Progress might have been all right once, but it has gone on too long.

—Ogden Nash

The previous chapter covered how IPsec works once the security association (SA) is set up, the session key established, and so on. This chapter covers IKE (Internet Key Exchange). IKE is a protocol for doing mutual authentication and establishing a shared secret key to create an IPsec SA. IKE took many years to come out of IETF. The original contenders were Photuris (RFC 2522) and SKIP (http://skip.incog.com/inet-95.ps). Either of these protocols would have been just fine in practice. But due to committee politics, neither one was chosen and instead IKE/ISAKMP emerged, almost a decade after work began, with a protocol so complex and specification ...

Get Network Security: Private Communication in a Public World, Second Edition now with the O’Reilly learning platform.
