다음을 통해 공유


Main Mode Security Association (Windows Embedded CE 6.0)

1/6/2010

The main mode security association is the first phase in a two-phase negotiation process. During the main mode security negotiation phase, two devices establish a more secure, authenticated channel. The IPSec Internet Key Exchange (IKE) protocol automatically provides necessary identity protection during this exchange.

The following four mandatory parameters are negotiated as part of the main mode security association (SA):

  • The encryption algorithm: Data Encryption Standard (DES), Triple DES (3DES).
  • The hash algorithm: MD5 (Message Digest function 5) or SHA1 (Secure Hash Algorithm 1).
  • The authentication method (Kerberos V5, Certificate, or pre-shared key authentication).
  • The Diffie-Hellman (DH) key exchange group to be used for the base keying material.

The following table shows the SA parameters for main mode, in preferential order.

Encryption Integrity DH group

3DES

SHA1

2048 bit

3DES

SHA1

1024

3DES

MD5

1024

DES

SHA1

768

DES

MD5

768

See Also

Concepts

Security Association
Quick Mode Security Association