Independent claim
1. A method of managing Internet Protocol Security Associations between two nodes, wherein one of the two nodes acts as an initiator and the other of the two nodes acts as a responder in a Security Association (SA) process, the method comprising:
providing local policies for configuring sets of algorithms at each node;
at an initiator node, sending a message for initiating a first SA, wherein the message identifies the algorithms configured in the initiator node;
receiving at a responder node, the message and in response, identifying a matching set of algorithms that are common to those configured in the responder and the initiator nodes;
selecting a first algorithm combination from the matching set of algorithms to create a first SA;
sending a list of negotiated combinations of algorithms comprising the selected first combination of algorithms and other matching combinations of algorithms to the initiator node, wherein both nodes use the first combination of algorithms to create the first SA and both store the negotiated combinations of algorithms for use by both first and second nodes subsequently; and
on a rekey following termination of a SA, at the initiator node, selecting a further algorithm combination from the list of negotiated combinations of algorithms that is different from a previously selected algorithm combination for use by the responder and initiator in a further SA.
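The claimed exchange, modelled as an added example (not code from the patent or from any IPsec implementation): the responder matches the proposal, both nodes store the returned list, and each rekey selects a stored combination that differs from the last one. The names `Node`, `match`, `establish_first_sa` and `rekey`, the sample policies, the responder-preference ordering and the prefer-unused rule are all assumptions; the claim only requires that the rekey choice differ from a previously selected combination.

```python
# Added illustration; every name and sample value here is hypothetical.
from dataclasses import dataclass, field

@dataclass
class Node:
    policy: list                                    # combinations allowed by local policy, preferred first
    negotiated: list = field(default_factory=list)  # list stored when the first SA is created
    used: list = field(default_factory=list)        # combinations already selected for an SA

def match(responder, proposal):
    """Responder side: combinations common to both nodes (responder order is an assumption)."""
    common = [c for c in responder.policy if c in proposal]
    if not common:
        raise ValueError("no common algorithm combination")
    return common

def establish_first_sa(initiator, responder):
    """First SA: responder selects common[0] and returns the whole list; both nodes store it."""
    common = match(responder, initiator.policy)
    for node in (initiator, responder):
        node.negotiated, node.used = list(common), [common[0]]
    return common[0]

def rekey(initiator, responder):
    """Rekey: initiator picks a stored combination that differs from the last one used."""
    last = initiator.used[-1]
    candidates = [c for c in initiator.negotiated if c != last]
    if not candidates:
        raise ValueError("only one negotiated combination, nothing different to select")
    unused = [c for c in candidates if c not in initiator.used]
    choice = (unused or candidates)[0]  # assumption: prefer combinations not used yet
    if choice not in responder.negotiated:
        raise ValueError("responder never negotiated this combination")
    for node in (initiator, responder):
        node.used.append(choice)
    return choice

# Constructed sample policies: (encryption, integrity) pairs
A = ("AES-CBC-128", "HMAC-SHA1-96")
B = ("AES-CBC-256", "HMAC-SHA2-256-128")
C = ("AES-GCM-256", "none")
D = ("3DES-CBC", "HMAC-SHA1-96")
E = ("CHACHA20-POLY1305", "none")

def demo():
    ini, rsp = Node([A, B, C, D]), Node([C, A, E, B])
    first = establish_first_sa(ini, rsp)
    return first, ini.negotiated, [rekey(ini, rsp) for _ in range(3)]
```

When the stored list holds a single combination, `rekey` raises instead of reusing it, since no different combination is available without a fresh negotiation.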