Internet Key Exchange

In computing, Internet Key Exchange (IKE, versioned as IKEv1 and IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP.[1] IKE uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) ‒ and a Diffie–Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.[2][3] In addition, a security policy for every peer which will connect must be manually maintained.[2]

  1. The Internet Key Exchange (IKE), RFC 2409, §1 Abstract
  2. Thomas, M. (June 2001), RFC 3129: Requirements for Kerberized Internet Negotiation of Keys, Internet Engineering Task Force, p. 1, doi:10.17487/RFC3129
  3. Richardson, M.; Redelmeier, D.H. (June 2001), RFC 4322: Opportunistic Encryption using the Internet Key Exchange (IKE), Internet Engineering Task Force, p. 5, doi:10.17487/RFC4322
