On Sun, Dec 30, 2001 at 01:43:21PM +0800, simon chan wrote:
> We've seen this Diffie-Hellman Group 1, 2, 3.
> What is inside this group and the difference.
These are standard sets of different cryptographic base parameters for the
Diffie-Hellman exchange ("group" is the _mathematical_ group, i.e. the
finite field and operations with which the DH-exchange is done, _not_ a
group of systems or something like that). A mutually acceptable set of
these parameters is negotiated during the IKE protocol, so unless you
have very in-depth requirements and understanding of these parameters you
should not change these settings.

> Is it a different combination of encryption and
> authentication ?
No, the DH-exchange's primary function is always to establish the "master"
encryption key for communication between the systems (which is later used
to derive the specific session keys as needed). Authentication is done
_after_ setting up this encryption key and does not use DH but RSA, DSA
(for Public Key authentication) or other mechanisms (like the shared
secret).

> Also, what's the difference between the different modes,
> aggressive, quick and main ?
These are the different modes for establishing an IKE Security
Association (read: a master key and some configuration data). You should
not need to configure these except for working around problems with other
IKE implementations.

With kind regards,
Wouter Slegers
Your Creative Solutions
"Security solutions you can trust and verify!"
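
An added illustration, not part of the original message: what is "inside" groups 1 and 2, and how both peers reach the same master key. It assumes the MODP prime formulas and generator 2 from RFC 2409 section 6; the function names are hypothetical and `session_key` is a stand-in for IKE's own key derivation.

```python
import hashlib
import hmac
import secrets

def _arctan_inv(x, scale):
    """Approximate scale * arctan(1/x) with integer arithmetic."""
    total = term = scale // x
    n, sign = 1, -1
    while term:
        term //= x * x
        n += 2
        total += sign * (term // n)
        sign = -sign
    return total

def pi_floor(bits):
    """floor(2**bits * pi) via Machin's formula, computed with 64 guard bits."""
    scale = 1 << (bits + 64)
    return (4 * (4 * _arctan_inv(5, scale) - _arctan_inv(239, scale))) >> 64

def oakley_modp(size, c):
    """2^size - 2^(size-64) - 1 + 2^64 * (floor(2^(size-130) * pi) + c)."""
    return (1 << size) - (1 << (size - 64)) - 1 + ((pi_floor(size - 130) + c) << 64)

# Group number -> (prime p, generator g); constants as assumed from RFC 2409.
GROUPS = {1: (oakley_modp(768, 149686), 2), 2: (oakley_modp(1024, 129093), 2)}

def dh_keypair(group):
    p, g = GROUPS[group]
    x = secrets.randbelow(p - 3) + 2       # private exponent in [2, p-2]
    return x, pow(g, x, p)                 # (private, public)

def dh_shared(group, private, peer_public):
    p, _ = GROUPS[group]
    if not 1 < peer_public < p - 1:        # reject degenerate public values
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, private, p)
    return secret.to_bytes((p.bit_length() + 7) // 8, "big")

def session_key(master, label):
    """Illustrative derivation only (HMAC-SHA256), not IKE's actual PRF scheme."""
    return hmac.new(master, label, hashlib.sha256).digest()

def demo(group=2):
    a_priv, a_pub = dh_keypair(group)      # peer A
    b_priv, b_pub = dh_keypair(group)      # peer B
    a_master = dh_shared(group, a_priv, b_pub)
    b_master = dh_shared(group, b_priv, a_pub)
    distinct = session_key(a_master, b"enc") != session_key(a_master, b"auth")
    return a_master == b_master, distinct
```

Only the public values cross the wire; the group number selects `p` and `g`, which is why both peers must agree on it during negotiation.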
