Virtual private networks, Part 2
4. Key exchange
  


Internet Key Exchange I


As has been noted earlier in this tutorial, ISAKMP provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to support many different key exchanges.

"Oakley" is a description of a series of key exchanges that it calls modes. The protocol details the services provided by each one, namely "perfect forward secrecy" for keys, identity protection, and authentication.

SKEME, first described in the "IEEE Proceedings of the 1996 Symposium on Network and Distributed Systems Security," is a key exchange technique that provides anonymity, some repudiability, and quick key refreshment.

The IKE RFC (2049) describes a hybrid that uses elements of both Oakley and SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP.

