Internet Key Exchange to be discussed
This week the IETF is meeting in Salt Lake City to discuss, among other things, Internet Key Exchange or IKE, the key management protocol used in IPSec VPNs.
Regarded as so complex that it is unfriendly to VPN interoperability and possibly susceptible to denial-of-service (DoS) attacks, IKE seems to be on its way out. The IETF is considering several proposals to replace IKE.
I've written about this topic before, but today I want to offer some more details and point out that you should not panic over this. IKE works fine on any VPN gear you own or might buy. It's just that the IETF believes VPN gear developers would find it easier to build interoperability between their respective products if the key management protocol were made simpler. A simpler protocol would also clear up nagging worries that IKE is vulnerable to DoS attacks, at least in theory. No such weakness has ever been demonstrated, but it is better to rest easy knowing that the possibility of such a vulnerability has been removed.
Earlier articles about the search for an IKE replacement have resulted in panicked messages about whether installed VPNs are insecure. The consensus is that they are fine. So relax.
That said, here is some information on what the IKE replacements might do. Most of this will be under the covers and invisible to users. The only difference is that there may be fewer drop-down boxes to deal with when users are configuring VPN equipment.
First, the replacement protocols cut down the number of messages each VPN device has to send to another to set up a secure tunnel from eight to one. They also cut support for sharing encryption keys ahead of time rather than generating them for each session. Pre-shared keying is still allowed, but it would be done outside the standard key-management protocol.
The e-mail discussion of these replacement protocols has been intense since they were posted about a month ago, and no decisions have been made yet.
The procedure that will likely unfold is that one of the proposals or possibly a melding of them will be referred to the IETF's IPSec Working Group with the goal of turning it into a formal standards proposal. IETF participants guess that the new protocol could be integrated into VPN gear within a year or two.
When that happens, those with IPSec VPN gear installed will likely get a software upgrade to the IKE replacement. In the meantime, IKE should serve you well.
You can follow the IETF discussion by sending a message to this address: ipsec-request@lists.tislabs.com
RELATED LINKS
Tim Greene is a senior editor at Network World, covering virtual private networking gear, remote access, core switching and local phone companies. You can reach him at tgreene@nww.com.
IKE supporters propose fixes and improvements
Network World VPNs Newsletter, 11/28/01
Group proposes Internet Key Exchange successor
Network World VPNs Newsletter, 11/21/01
Equant polishes up IP VPN offerings
Network World, 12/10/01
