Both sides (called initiator and responder in IPsec terminology) should agree on parameters such as a key (or more than one key), authentication, encryption, data integrity and key exchange algorithms, and other parameters such as key lifetime (IKEv1 only). This can be done in two different ways of key distribution: by manual key exchange, which is rarely used since it is less secure, or by the IKE protocol.
- CHAPTER 10: IPsec
- from Linux Kernel Networking: Implementation and Theory
- Publisher: Apress
- Released: December 2013
Share this highlighthttp://www.safaribooksonline.com/a/linux-kernel-networking/234970/