Quick Mode Security Association (Windows CE 5.0)
The quick mode security association is the second phase in a two-phase negotiation process. During the quick mode security negotiation phase, a security association (SA) is negotiated on behalf of the IPSec driver.
The IPSec devices exchange the following requirements for enhancing the security of the data transfer:
- The IPSec protocol (AH or ESP).
- The hash algorithm for data integrity and authentication. IPSec uses the following message authentication code (HMAC) algorithms:
Algorithm Description HMAC-MD5 Produces a 128-bit value. HMAC-SHA1 Produces a 160-bit value. While somewhat slower than HMAC-MD5, HMAC-SHA1 is more secure. - The algorithm for encryption, if it is requested (3DES or DES).
The following table shows the SA parameters for quick mode, in preferential order.
| Encryption | Integrity | Comments |
|---|---|---|
| 3DES | HMAC-MD5 | None. |
| 3DES | HMAC-SHA | None. |
| DES | HMAC-MD5 | None. |
| DES | HMAC-SHA | None. |
| - | HMAC-MD5 | Disabled by default. |
| - | HMAC-SHA | Disabled by default. |
See Also
Security Association | Main Mode Security Association
Send Feedback on this topic to the authors