IKE Phase 2 (Quick Mode)
¨Negotiate
parameters of IPsec SA
¨Perfect
Forward Secrecy (PFS) may be used by initiator to request that a new DH
secret be generated over an encrypted channel
–New
nonces generated: Ni` and Nr`
–New DH
public values:
•Xa`=ga mod p
•Xb`=gb mod p