Cryptography Reference
In-Depth Information
Diagram 8.12 IKE Main Mode

First Pass: SA Negotiation

    ALICE  ---- H_A, S_A ---->  BOB
    ALICE  <--- H_B, S_B -----  BOB

Second Pass: Key Negotiation

    ALICE  ---- H_A, p_A, N_A ---->  BOB
    ALICE  <--- H_B, p_B, N_B -----  BOB

Third Pass: Identity Verification

    ALICE  ---- (H_A, k(I_A, d_A(N_A, N_B, k, p_A, p_B, C_A, C_B, S_A))) ---->  BOB
    ALICE  <--- (H_B, k(I_B, d_B(N_A, N_B, k, p_A, p_B, C_A, C_B, S_B))) -----  BOB

Aggressive Mode: The essential difference between this mode and main mode is the manner in which messages are configured, which reduces the exchanges depicted in Diagram 8.12 to two. This naturally increases the speed of communication. We make the same background assumptions as for main mode given on page 298.

IKE Phase I Using Aggressive Mode

1. SA and Key Negotiation Initialization: Alice sends to Bob (H_A, S_A, p_A, N_A, I_A), where the notation is as above.

2. SA Agreement and Verification of Bob's Identity: Bob sends (H_B, S_B, p_B, N_B, I_B, k(I_B)), so Alice may now compute k using her s_A, then use k 1 to verify Bob.
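
The two aggressive-mode messages above can be traced in a short Python sketch. This is an added example, not code from the book. It assumes a toy Diffie-Hellman group, k derived as SHA-256 over the shared secret and both nonces, and k(I) modelled as an HMAC under k; the function names and placeholder header and SA values are hypothetical.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # toy prime modulus (constructed; far too small for real use)
G = 3            # toy base (constructed)

def dh_keypair():
    s = secrets.randbelow(P - 3) + 2        # secret exponent s
    return s, pow(G, s, P)                  # (s, public value p)

def derive_k(s_own, p_peer, n_a, n_b):
    # Assumption: k = SHA-256(DH shared secret || N_A || N_B)
    shared = pow(p_peer, s_own, P).to_bytes(16, "big")
    return hashlib.sha256(shared + n_a + n_b).digest()

def k_of(k, data):
    # Assumption: k(I) is modelled as HMAC-SHA256 of I under k
    return hmac.new(k, data, hashlib.sha256).digest()

def alice_msg1(identity):
    # Message 1: (H_A, S_A, p_A, N_A, I_A); Alice keeps s_A private
    s_a, p_a = dh_keypair()
    msg = {"H": b"H_A", "S": b"S_A", "p": p_a,
           "N": secrets.token_bytes(16), "I": identity}
    return s_a, msg

def bob_msg2(msg1, identity):
    # Message 2: (H_B, S_B, p_B, N_B, I_B, k(I_B))
    s_b, p_b = dh_keypair()
    n_b = secrets.token_bytes(16)
    k = derive_k(s_b, msg1["p"], msg1["N"], n_b)
    return {"H": b"H_B", "S": b"S_B", "p": p_b, "N": n_b,
            "I": identity, "kI": k_of(k, identity)}

def alice_verify(s_a, msg1, msg2):
    # Alice computes k from her s_A and Bob's p_B, then checks k(I_B).
    # Only this check is modelled, not any long-term key or certificate.
    k = derive_k(s_a, msg2["p"], msg1["N"], msg2["N"])
    return hmac.compare_digest(k_of(k, msg2["I"]), msg2["kI"])

def cleartext_fields(msg):
    # Fields a passive observer can read without knowing k
    return sorted(f for f in msg if f != "kI")

if __name__ == "__main__":
    s_a, m1 = alice_msg1(b"alice@example.test")   # constructed identities
    m2 = bob_msg2(m1, b"bob@example.test")
    print("Bob verified:", alice_verify(s_a, m1, m2))
    print("Readable in message 1:", cleartext_fields(m1))
```

In these two messages I_A and I_B travel outside k(...), whereas the third pass of main mode in Diagram 8.12 carries them inside k(...).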