Compartir a través de


Main Mode Security Association (Windows CE 5.0)

Send Feedback

The main mode security association is the first phase in a two-phase negotiation process. During the main mode security negotiation phase, two devices establish a more secure, authenticated channel. The IPSec Internet Key Exchange (IKE) protocol automatically provides necessary identity protection during this exchange.

The following four mandatory parameters are negotiated as part of the main mode security association (SA):

  • The encryption algorithm: Data Encryption Standard (DES), Triple DES (3DES).
  • The hash algorithm: MD5 (Message Digest function 5) or SHA1 (Secure Hash Algorithm 1).
  • The authentication method (Kerberos V5, Certificate, or pre-shared key authentication).
  • The Diffie-Hellman (DH) key exchange group to be used for the base keying material.

The following table shows the SA parameters for main mode, in preferential order.

Encryption Integrity DH group
3DES SHA1 2048 bit
3DES SHA1 1024
3DES MD5 1024
DES SHA1 768
DES MD5 768

See Also

Security Association | Quick Mode Security Association

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.