The Internet Key Exchange (IKE) protocol is the third leg of IPsec. It handles the difficult problem of key management by negotiating security associations between a set of peers. The IKE protocol specification is RFC 2409 [Harkins and Carrel 1998].

The basic idea behind IKE is straightforward: The peers perform a Diffie-Hellman exchange to obtain a shared secret that they use to generate keying material for the encryption and authentication algorithms used to protect a VPN. As usual, expressing this simple idea in a robust and secure manner is far from trivial. IKE must take steps to protect itself against denial-of-service attacks, replay attacks, man-in-the-middle attacks, and other attempts to subvert the secure ...