The Internet Key Exchange (IKE) (RFC2409)

IP.com Disclosure Number: IPCOM000002984D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 33 page(s) / 88K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Harkins: AUTHOR [+2]

Abstract

ISAKMP ([MSST98]) provides a framework for authentication and key exchange but does not define them. ISAKMP is designed to be key exchange independent; that is, it is designed to support many different key exchanges.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 3% of the total text.

Network Working Group                D. Harkins
Request for Comments: 2409           D. Carrel
Category: Standards Track            cisco Systems
                                     November 1998

The Internet Key Exchange (IKE)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table Of Contents

1 Abstract
2 Discussion
3 Terms and Definitions
3.1 Requirements Terminology
3.2 Notation
3.3 Perfect Forward Secrecy
3.4 Security Association
4 Introduction
5 Exchanges
5.1 Authentication with Digital Signatures
5.2 Authentication with Public Key Encryption
5.3 A Revised method of Authentication with Public Key Encryption
5.4 Authentication with a Pre-Shared Key
5.5 Quick Mode
5.6 New Group Mode
5.7 ISAKMP Informational Exchanges
6 Oakley Groups
6.1 First Oakley Group
6.2 Second Oakley Group
6.3 Third Oakley Group
6.4 Fourth Oakley Group
7 Payload Explosion of Complete Exchange
7.1 Phase 1 with Main Mode
7.2 Phase 2 with Quick Mode
8 Perfect Forward Secrecy Example
9 Implementation Hints
10 Security Considerations
11 IANA Considerations
12 Acknowledgments
13 References
Appendix A