IKE Key Terminology
The following table lists terms that are used in key negotiation, provides their commonly used acronyms, and gives a definition and use for each term.
Table 22–1 Key Negotiation Terms, Acronyms, and Uses|
Key Negotiation Term |
Acronym |
Definition and Use |
|---|---|---|
|
Key exchange |
|
The process of generating keys for asymmetric cryptographic algorithms. The two main methods are RSA protocols and the Diffie-Hellman protocol. |
|
Diffie-Hellman protocol |
DH |
A key exchange protocol that involves key generation and key authentication. Often called authenticated key exchange. |
|
RSA protocol |
RSA |
A key exchange protocol that involves key generation and key transport. The protocol is named for its three creators, Rivest, Shamir, and Adleman. |
|
PFS |
Applies to authenticated key exchange only. PFS ensures that long-term secret material for keys does not compromise the secrecy of the exchanged keys from previous communications. In PFS, the key that is used to protect transmission of data is not used to derive additional keys. Also, the source of the key that is used to protect data transmission is never used to derive additional keys. |
|
|
Oakley method |
|
A method for establishing keys for Phase 2 in a secure manner. This protocol is analogous to the Diffie-Hellman method of key exchange. Similar to Diffie-Hellman, Oakley group key exchange involves key generation and key authentication. The Oakley method is used to negotiate PFS. |
- © 2010, Oracle Corporation and/or its affiliates