"Orion" <[EMAIL PROTECTED]> writes: > Ive done quite a bit of searching yet I cant find a single source that truly > explains how IPSEC works. The part thats not clicking for me is how > authentication takes place, encryption keys are negotiated without a middle > man getting the keys, and dynamic rekeying. > > > Can anyone help out or point me in the right direction.
This is sort of a strange place to be asking this question, but IPsec (RFC 2401) itself doesn't specify how keying is supposed to happen. IPsec does have one currently defined method for key exchange which is IKE which is a peer to peer keying mechanism with the ability to use preshared keys, as well as X.509 certs. It is described in RFC 2407, 2408 and 2409.

A propos this newsgroup, a second IPsec keying mechanism is being worked on by IETF to use Kerberos to provide authentication and keying material for IPsec security associations. The current draft is draft-ietf-kink-kink-01.txt, though I'm about to publish a new draft which should be close to last call quality. I've been working on modifying freeswan's IKE daemon to do KINK as well.

--
Michael Thomas ([EMAIL PROTECTED] http://www.mtcc.com/~mike/)
Multi-mode fiber with an optical splitter  |
B G P sessions conFIGGED not to litter     |  My Fav'rite 'Net Things
Reverting from A T M back to I P           |    by kc claffy, CAIDA
These are a few of my fav'rite `Net things |
