13. IKE
13.1 Introduction
The Internet Key Exchange (IKE) protocol is the third leg of IPsec. It handles the difficult problem of key management by negotiating security associations between a set of peers. The IKE protocol specification is RFC 2409 [Harkins and Carrel 1998].
The basic idea behind IKE is straightforward: The peers perform a Diffie-Hellman exchange to obtain a shared secret that they use to generate keying material for the encryption and authentication algorithms used to protect a VPN. As usual, expressing this simple idea in a robust and secure manner is far from trivial. IKE must take steps to protect itself against denial-of-service attacks, replay attacks, man-in-the-middle attacks, and other attempts to subvert the secure ...
Get VPNs Illustrated: Tunnels, VPNs, and IPsec now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.