Creation and Deletion of SA

• Creation:

  • negotiating the parameters of the SA by both sides
  • updating the SADB with the SA

• Methods:

  • manual: mandatory, error-prone, insecure
  • Internet standard key management protocol, e.g. IKE

• SA bundle: a collection of SAs created by a process for two hosts to communicate securely

• Deletion:

  • lifetime expired,
  • keys are compromised

Previous slide

Next slide

Back to first slide

View graphic version