Virtual private networks, Part 2
4. Key exchange
  


Authentication II page 8 of 11


Another kind of authentication, pre-shared key, also works with Main Mode. In that case the key can only be identified by the IP address of the peers, since the hash must be computed before the peer's identification payload has been processed.

Aggressive Mode allows a wider range of identifiers for the pre-shared secret. In addition, Aggressive Mode allows two parties to maintain multiple, different pre-shared keys and identify the correct one for a particular exchange.

Quick Mode is essentially an SA negotiation and an exchange of nonces that provides replay protection. The nonces are used to generate fresh key material and prevent replay attacks. An optional Key Exchange payload can be exchanged to allow for an additional Diffie-Hellman exchange and exponentiation per Quick Mode. Using the key exchange payload with Quick Mode is optional, but must be supported.
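
The Quick Mode key derivation described above, as an added example that is not part of the original tutorial. It follows the KEYMAT formula from RFC 2409 section 5.5; HMAC-SHA1 as the prf, the function names, and all keys, SPIs and nonces are assumptions or constructed sample values.

```python
import hashlib
import hmac
import os

ESP = 3  # IPsec DOI protocol ID for ESP


def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the phase 1 SA negotiated HMAC-SHA1 as its prf.
    return hmac.new(key, data, hashlib.sha1).digest()


def quick_mode_keymat(skeyid_d, protocol, spi, ni_b, nr_b, length, g_xy=b""):
    """KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b).

    When more bytes are needed than one prf output, each block is fed back:
    K1 = prf(SKEYID_d, seed), K2 = prf(SKEYID_d, K1 | seed), ...
    """
    seed = g_xy + bytes([protocol]) + spi + ni_b + nr_b
    block, keymat = b"", b""
    while len(keymat) < length:
        block = prf(skeyid_d, block + seed)
        keymat += block
    return keymat[:length]


if __name__ == "__main__":
    # Constructed values; in a real exchange SKEYID_d comes from phase 1.
    skeyid_d = hashlib.sha1(b"constructed phase 1 secret").digest()
    spi_in, spi_out = bytes.fromhex("11223344"), bytes.fromhex("55667788")

    # Two Quick Mode runs under the same phase 1 SA, each with fresh nonces.
    ni1, nr1 = os.urandom(16), os.urandom(16)
    ni2, nr2 = os.urandom(16), os.urandom(16)
    k1 = quick_mode_keymat(skeyid_d, ESP, spi_in, ni1, nr1, 40)
    k2 = quick_mode_keymat(skeyid_d, ESP, spi_in, ni2, nr2, 40)
    print("fresh nonces give fresh keys:", k1 != k2)

    # Each direction has its own SPI, hence its own keys.
    k_out = quick_mode_keymat(skeyid_d, ESP, spi_out, ni1, nr1, 40)
    print("per-direction keys differ:   ", k1 != k_out)

    # Optional KE payload: the new shared secret g(qm)^xy enters the prf input,
    # so the keys no longer depend on SKEYID_d alone.
    g_xy = os.urandom(96)  # stand-in for a 768-bit Diffie-Hellman result
    k_pfs = quick_mode_keymat(skeyid_d, ESP, spi_in, ni1, nr1, 40, g_xy)
    print("KE payload changes KEYMAT:   ", k1 != k_pfs)
```

Without the Key Exchange payload, every Quick Mode key under a phase 1 SA is a function of SKEYID_d and public values, which is why the extra Diffie-Hellman exchange matters when perfect forward secrecy is required.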

