
Basic IKE authentication question



I've read RFC2408 and RFC2409 searching for the answer to this
(albeit basic) question, but haven't come up with an authoritative answer.

What are the available options for peer authentication before an IPsec
tunnel can be established? I suspect that they are:

- Pre-shared keys (i.e. some string that both peers agree upon in advance)
- X.509 certs from a Certificate Authority

But how about:

- Unverified public key exchange (like ssh)
- Manual distribution of public keys (Cisco's IKE implementation)

Thanks a lot, & happy new year to all!

-- ramon


