The Internet Engineering Task Force this week will consider replacing the protocol that manages encryption keys for IP Security VPNs with a new set of rules that is admittedly less flexible but could lead to equipment that is more interoperable, supports better security and is easier to configure.

At issue is Internet Key Exchange (IKE), the key management protocol used in IPSec VPNs that experts say is so complicated that it stands in the way of interoperability. And the chatty method IKE uses to initiate security sessions theoretically leaves VPN devices open to denial-of-service (DoS) attacks.

To address these shortcomings, some of the IETF's most influential participants have stepped forward with three proposals to replace IKE: IKEv2, Just Fast Keying (JFK) and Sigma. Each eliminates certain features included in IKE, meaning the resulting protocols are more rigid. This rigidity also means there will be fewer parameters for users to configure when the IKE replacement is integrated in VPN devices, making it easier to set up a VPN, experts say.

The link for this article located at NW Fusion is no longer available.