Chapter 18. IPsec: IKE

 

Progress might have been all right once, but it has gone on too long.

 
--Ogden Nash

The previous chapter covered how IPsec works once the security association (SA) is set up, the session key established, and so on. This chapter covers IKE (Internet Key Exchange). IKE is a protocol for doing mutual authentication and establishing a shared secret key to create an IPsec SA. IKE took many years to come out of IETF. The original contenders were Photuris (RFC 2522) and SKIP (http://skip.incog.com/inet-95.ps). Either of these protocols would have been just fine in practice. But due to committee politics, neither one was chosen and instead IKE/ISAKMP emerged, almost a decade after work began, with a protocol so complex and specification ...

From Network Security: Private Communication in a Public World, Second Edition.