IKE Phase 1 Proposal:
* Method: Indicates whether a preshared key (“pre”) or digital certificates (using “RSA”-Sig or “DSA”-Sig) are used as the authentication method
* DH Group: Indicates the Diffie-Hellman group used for the key generation or exchange (“g1”, “g2” or “g5”)
* Encrypt: Indicates the encryption algorithm (“3DES”, “DES” or “AES”)
* Auth: Indicates the hash algorithm (“MD5” or “SHA1”)
Values:
--------
(pre|dsa|rsa) (g1|g2|g5) (DES|3DES|AES) (MD5|SHA1)
Examples of a Phase 1 proposal include:
---------------------------------------
* pre-g1-des-md5
* dsa-g2-3des-sha1
* rsa-g5-aes128-md5
* or the current de facto standard: pre-g2-3des-sha1
IPsec Phase 2 Proposal:
* PFS: Indicates whether PFS is not used (“nopfs”) or, if it is used, which DH group is applied (“g1”, “g2” or “g5”)
* Encapsulation: Indicates whether the ESP (“esp”) protocol is used for encryption and authentication, or just the AH (“ah”) protocol
* Encryption: Indicates the encryption algorithm (“DES”, “3DES” or “AES”)
* Authentication: Indicates the hash algorithm (“MD5” or “SHA1”)
Values:
--------
(nopfs|g1|g2|g5) (ESP|AH) (DES|3DES|AES) (MD5|SHA1)
Examples of a Phase 2 proposal include:
---------------------------------------
* nopfs-esp-des-md5
* g1-ah-null-sha1
* And the de facto standard: g2-esp-3des-sha1
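
The two naming schemes above can be checked mechanically when auditing a VPN configuration. The following parser is an added example, not part of the original post; the function names, the AES key-size suffixes other than "aes128", the rule that AH must be paired with "null", and the list of values flagged as weak are assumptions of this example.

```python
import re

# Field grammars follow the page's "Values" lines. The AES key-size suffix and
# "null" encryption come from the page's examples (aes128, g1-ah-null-sha1);
# the 192/256 suffixes are an assumption of this example.
PHASE1 = re.compile(
    r"^(?P<method>pre|dsa|rsa)-(?P<dh>g1|g2|g5)-"
    r"(?P<encrypt>des|3des|aes(?:128|192|256)?)-(?P<auth>md5|sha1)$")
PHASE2 = re.compile(
    r"^(?P<pfs>nopfs|g1|g2|g5)-(?P<encap>esp|ah)-"
    r"(?P<encrypt>des|3des|aes(?:128|192|256)?|null)-(?P<auth>md5|sha1)$")

# Assumption of this example (not stated on the page): values flagged as weak.
WEAK = {"g1": "768-bit DH group", "des": "56-bit key", "md5": "deprecated hash"}


def parse_proposal(name, phase):
    """Return the named fields of a proposal string, or raise ValueError."""
    pattern = PHASE1 if phase == 1 else PHASE2
    match = pattern.match(name.strip().lower())
    if match is None:
        raise ValueError(f"not a valid phase {phase} proposal: {name!r}")
    fields = match.groupdict()
    # AH provides no encryption, so this example requires "null" with it.
    if phase == 2 and fields["encap"] == "ah" and fields["encrypt"] != "null":
        raise ValueError(f"AH cannot carry an encryption algorithm: {name!r}")
    return fields


def weak_fields(fields):
    """Map field name -> reason for every value listed in WEAK."""
    return {key: WEAK[val] for key, val in fields.items() if val in WEAK}


if __name__ == "__main__":
    # Proposal names taken from the page's own example lists.
    samples = [("pre-g1-des-md5", 1), ("pre-g2-3des-sha1", 1),
               ("rsa-g5-aes128-md5", 1), ("g1-ah-null-sha1", 2),
               ("g2-esp-3des-sha1", 2)]
    for name, phase in samples:
        fields = parse_proposal(name, phase)
        print(f"phase {phase} {name}: {fields} weak={weak_fields(fields)}")
```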