Internet Security Association and Key Management Protocol
The Internet Security Association and Key Management Protocol (ISAKMP) (RFC 2408), submitted to the IETF by the U.S. National Security Agency (NSA), provides a framework for Internet key management and security associations. First, ISAKMP defines procedures and a protocol for negotiating security associations, which contain all the information required for network security services: IP Layer security services (such as header authentication and payload encapsulation) as well as transport or Application Layer security services. Second, ISAKMP defines procedures for exchanging key generation and authentication data between communicating parties. These procedures are generic: they are independent of the techniques used for generating keys and of the algorithms for encrypting and authenticating data. This independence is very significant. There might be many different key exchange protocols, each with different properties, yet a common protocol is required for establishing, negotiating, modifying, and deleting security associations. ISAKMP serves as this common framework and does not concern itself with the implementation details.
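As an added illustration (not part of the original text), the Python example below parses the fixed ISAKMP header and walks the chain of generic payload headers while leaving every payload body opaque, which is how the framework stays independent of the key exchange technique carried inside. The field layout and type numbers are taken from RFC 2408 rather than from this page; the sample message and its placeholder bytes are constructed.

```python
import struct

# Payload and exchange type numbers as assigned in RFC 2408.
PAYLOADS = {0: "NONE", 1: "SA", 2: "Proposal", 3: "Transform", 4: "KeyExchange",
            5: "Identification", 6: "Certificate", 7: "CertRequest", 8: "Hash",
            9: "Signature", 10: "Nonce", 11: "Notification", 12: "Delete",
            13: "VendorID"}
EXCHANGES = {0: "NONE", 1: "Base", 2: "IdentityProtection",
             3: "AuthenticationOnly", 4: "Aggressive", 5: "Informational"}
HDR = struct.Struct("!8s8sBBBBII")   # fixed 28-byte ISAKMP header
GENERIC = struct.Struct("!BBH")      # next payload, reserved, payload length


def parse_isakmp(msg: bytes) -> dict:
    """Parse the ISAKMP header and walk the payload chain, bodies left opaque."""
    if len(msg) < HDR.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    icookie, rcookie, nxt, ver, xchg, flags, msg_id, length = HDR.unpack_from(msg)
    if length != len(msg):
        raise ValueError("header length field does not match message size")
    out = {"version": (ver >> 4, ver & 0x0F),
           "exchange": EXCHANGES.get(xchg, f"type-{xchg}"),
           "encrypted": bool(flags & 0x01), "message_id": msg_id, "payloads": []}
    if out["encrypted"]:
        return out          # payloads after the header are ciphertext
    off = HDR.size
    while nxt != 0:
        if off + GENERIC.size > len(msg):
            raise ValueError("payload chain runs past end of message")
        following, _reserved, plen = GENERIC.unpack_from(msg, off)
        if plen < GENERIC.size or off + plen > len(msg):
            raise ValueError("bad payload length")
        out["payloads"].append((PAYLOADS.get(nxt, f"type-{nxt}"), plen - GENERIC.size))
        nxt, off = following, off + plen
    return out


def build_sample() -> bytes:
    """Constructed message: Key Exchange + Nonce payloads, placeholder bytes."""
    ke = GENERIC.pack(10, 0, 4 + 16) + b"\xaa" * 16      # next = Nonce
    nonce = GENERIC.pack(0, 0, 4 + 8) + b"\xbb" * 8      # next = NONE
    body = ke + nonce
    return HDR.pack(b"I" * 8, b"R" * 8, 4, 0x10, 2, 0, 0,
                    HDR.size + len(body)) + body


if __name__ == "__main__":
    print(parse_isakmp(build_sample()))
```

The parser reports only the type and size of each payload; interpreting the Key Exchange data is left to whichever key exchange protocol is layered on the framework.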