March 2006
Intermediate to advanced
464 pages
12h 16m
English
book
The IMS: IP Multimedia Concepts And Services, Second Edition
by Miikka Poikselka, Georg Mayer, Hisham Khartabil, Aki Niemi
Content preview from The IMS: IP Multimedia Concepts And Services, Second Edition
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
22.3. Internet Security Association and Key Management Protocol (ISAKMP)
Internet Security Association and Key Management Protocol (ISAKMP) is used for negotiating, establishing, modification and deletion of SAs and related parameters. It defines the procedures and packet formats for peer authentication creation and management of SAs and techniques for key generation. It also includes mechanisms that mitigate certain threats – e.g., Denial Of Service (DOS) and anti-replay protection.
In ISAKMP, SA and key management are separate from any key exchange protocols; so, in a sense ISAKMP is an "abstract" protocol – it provides a framework for authentication and key management and supports many actual key exchange protocols (e.g., IKE). ISAKMP defines header and payload formats, but needs an instantiation to a specific set of protocols. Such an instantiation is denoted as the ISAKMP Domain Of Interpretation (DOI): an example of this for the IPsec/IKE is the IPsec DOI [RFC2407].
ISAKMP operates in two phases. During phase 1, peers establish an ISAKMP SA – namely, they authenticate and agree on the used mechanisms to secure further communications. In phase 2 this ISAKMP SA is used to negotiate further protocol SAs (e.g., an IPsec/ESP SA). After the initial establishment of an ISAKMP SA, multiple protocol SAs can be established.
Figure 22.1. ESP packet format.
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.