ISAKMP - Internet Security Association and Key Management Protocol - is a
standard by the IETF.
It is used for automatic asymmetric and symmetric key exchanges over the
Internet. In a nutshell, it has two phases.
Phase 1 - the Certificate Authority's (CA) public keys are exchanged and
then the Diffie-Hellman (DH) public keys are exchanged.
The DH public keys are signed by the CA private key in order to authenticate
the DH keys. This is the reason for the exchange of the CA public keys. Once
authenticated, the DH keys are used to arrive at a shared session key
(symmetric) that in turn is used for the encryption of data.
So in phase one the asymmetric key exchange takes place.
..... Enter Phase II
Get to the shared secret and negotiate the packet encryption (DES, 3DES)
and authentication algorithms (SHA1 and MD5), encapsulation scheme (tunnel or
in-place/transport), etc., also known as a security association (SA). Once the
security association is set up, the data can be encrypted and decrypted on
both ends.
Internet Key Exchange (IKE) utilizes ISAKMP/Oakley for key negotiations and
IPSEC for data encryption and really kicks ass!!
Hope this helps.
Amit Kaushal
Security consultant
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 24, 2001 6:34 AM
To: [EMAIL PROTECTED]
Subject: [FW1] ISAKMP
Hi all,
Can anyone explain ISAKMP to me in 10 to 20 sentences?
Thanks,
Joerg
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
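
The Phase II negotiation described in the reply above, sketched as an added example (not part of the original thread and not any vendor's code): the responder picks the first offered proposal its policy allows, and the initiator checks that the answer is one it actually offered. The class and function names are hypothetical, the sample offer and policies are constructed, and treating list order as preference is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str       # "DES" or "3DES"
    authentication: str   # "SHA1" or "MD5"
    encapsulation: str    # "tunnel" or "transport"

@dataclass(frozen=True)
class Policy:
    encryption: frozenset
    authentication: frozenset
    encapsulation: frozenset

    def accepts(self, p):
        return (p.encryption in self.encryption
                and p.authentication in self.authentication
                and p.encapsulation in self.encapsulation)

def responder_select(offer, policy):
    """Responder: return the first offered proposal the local policy allows."""
    for proposal in offer:              # assumed to be in preference order
        if policy.accepts(proposal):
            return proposal
    return None                         # a real peer would send NO-PROPOSAL-CHOSEN

def initiator_verify(offer, chosen):
    """Initiator: accept the reply only if it is one of its own proposals."""
    return chosen is not None and chosen in offer

def negotiate(offer, responder_policy):
    """Return the agreed SA parameters or raise if nothing acceptable is shared."""
    chosen = responder_select(offer, responder_policy)
    if not initiator_verify(offer, chosen):
        raise ValueError("NO-PROPOSAL-CHOSEN")
    return chosen

# Constructed sample data: weakest proposal listed first, as a lazy default might be.
OFFER = [Proposal("DES", "MD5", "tunnel"),
         Proposal("3DES", "MD5", "tunnel"),
         Proposal("3DES", "SHA1", "tunnel")]
STRICT = Policy(frozenset({"3DES"}), frozenset({"SHA1"}), frozenset({"tunnel"}))
LEGACY = Policy(frozenset({"DES", "3DES"}), frozenset({"SHA1", "MD5"}),
                frozenset({"tunnel", "transport"}))

if __name__ == "__main__":
    print("strict responder:", negotiate(OFFER, STRICT))
    print("legacy responder:", negotiate(OFFER, LEGACY))
```

With the permissive policy the SA ends up on DES/MD5 simply because that proposal came first, so both the offer order and the responder policy decide the strength of the resulting SA.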