Virtual private networks, Part 2
4. Key exchange
  


SA negotiation (page 6 of 11)


The SA negotiation takes the form of Transform Payload(s) encapsulated in Proposal Payload(s), which are further encapsulated in SA payload(s). If multiple offers are being made for phase 1 exchanges in Main Mode and Aggressive Mode, these offers must take the form of multiple Transform Payloads for a single Proposal Payload in a single SA payload.

There is no inherent limit on the number of offers the initiator may send to the responder. Some implementations, however, may limit the number of offers to improve performance.

In the SA negotiation, initiators present offers for potential SAs to responders. Responders cannot modify attributes of an offer, except for attribute encoding. If the initiator of an exchange finds that (1) attribute values have changed, or (2) attributes have been added or deleted from the offer made, then the changed response must be rejected.
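The initiator-side check described above can be sketched as follows. This is an added example, not code from the tutorial: it covers only the chained Transform Payloads of a single proposal, the helper names and sample offer are constructed for illustration, and it assumes the attribute numbering of RFC 2409 Appendix A and compares decoded attribute values (so a TV versus TLV re-encoding is tolerated, and attribute order is not compared).

```python
import struct

# Attribute type numbers from RFC 2409 Appendix A; all sample values are constructed.
ENC, HASH, AUTH, GROUP, LIFE_TYPE, LIFE_DUR = 1, 2, 3, 4, 11, 12

def attr(atype, value, tlv=False):
    """Encode a data attribute as TV (AF bit set) or as TLV with a 4-byte value."""
    return struct.pack("!HHI", atype, 4, value) if tlv else struct.pack("!HH", 0x8000 | atype, value)

def transform(num, attrs, last):
    """Build a Transform Payload (Transform-Id 1); next-payload 3 chains another one."""
    body = b"".join(attrs)
    return struct.pack("!BBHBBH", 0 if last else 3, 0, 8 + len(body), num, 1, 0) + body

def parse_transforms(buf):
    """Decode chained Transform Payloads into {number: (transform_id, {type: value})}."""
    out, off = {}, 0
    while off < len(buf):
        nxt, _, plen, num, tid, _ = struct.unpack_from("!BBHBBH", buf, off)
        end = off + plen
        if plen < 8 or end > len(buf):
            raise ValueError("bad transform payload length")
        attrs, p = {}, off + 8
        while p < end:
            if p + 4 > end:
                raise ValueError("truncated attribute")
            t, v = struct.unpack_from("!HH", buf, p)
            p += 4
            if t & 0x8000:            # TV form: v is the value itself
                attrs[t & 0x7FFF] = v
            else:                     # TLV form: v is the value length
                if p + v > end:
                    raise ValueError("attribute overruns payload")
                attrs[t] = int.from_bytes(buf[p:p + v], "big")
                p += v
        out[num] = (tid, attrs)
        off = end
        if nxt == 0:
            break
    return out

def response_acceptable(offer, reply):
    """Initiator check: the reply must be one offered transform with identical attributes."""
    offered, chosen = parse_transforms(offer), parse_transforms(reply)
    return len(chosen) == 1 and all(offered.get(n) == t for n, t in chosen.items())

BASE = [attr(ENC, 5), attr(HASH, 2), attr(AUTH, 1), attr(GROUP, 2), attr(LIFE_TYPE, 1)]
OFFER = (transform(1, BASE + [attr(LIFE_DUR, 28800, tlv=True)], last=False)
         + transform(2, [attr(ENC, 5), attr(HASH, 1), attr(AUTH, 1), attr(GROUP, 2)], last=True))
```

A reply that selects transform 1 with the lifetime re-encoded from TLV to TV passes the check; a reply with a changed group, a dropped lifetime, or an extra attribute is rejected.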

