Quick Mode Security Association (Windows Embedded CE 6.0)

[アーティクル]
01/05/2012

1/6/2010

The quick mode security association is the second phase in a two-phase negotiation process. During the quick mode security negotiation phase, a security association (SA) is negotiated on behalf of the IPSec driver.

The IPSec devices exchange the following requirements for enhancing the security of the data transfer:

The IPSec protocol (AH or ESP).
The hash algorithm for data integrity and authentication. IPSec uses the following message authentication code (HMAC) algorithms:

Algorithm Description

HMAC-MD5

Produces a 128-bit value.

HMAC-SHA1

Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure.
The algorithm for encryption, if it is requested (3DES or DES).

Algorithm	Description
HMAC-MD5	Produces a 128-bit value.
HMAC-SHA1	Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure.

The following table shows the SA parameters for quick mode, in preferential order.

Encryption	Integrity	Comments
3DES	HMAC-MD5	None.
3DES	HMAC-SHA	None.
DES	HMAC-MD5	None.
DES	HMAC-SHA	None.
-	HMAC-MD5	Disabled by default.
-	HMAC-SHA	Disabled by default.

次の方法で共有

Quick Mode Security Association (Windows Embedded CE 6.0)

See Also

Concepts

その他のリソース