URL: http://www.ietf.org/rfc/rfc2401.txt
IPsec
IPsec [RFC2401], developed by the IETF Security Area, is designed to provide
interoperable, cryptographically based network layer security for IPv4 and
IPv6. The set of security services, provided at the IP layer, includes access
control, connectionless integrity, data origin authentication, protection
against replays, confidentiality (encryption), and limited traffic flow
confidentiality. These objectives are met through the use of two
traffic security protocols, the Authentication Header (AH) and the
Encapsulating Security Payload (ESP), and through the use of cryptographic key
management procedures and protocols. The set of IPsec protocols employed in any
context, and the ways in which they are employed, will be determined by the
security and system requirements of users, applications, and
sites/organizations. These mechanisms are designed to be algorithm-independent,
which permits selection of different sets of algorithms without affecting the
other parts of the implementation. A standard set of default algorithms is
specified to facilitate interoperability.
Keywords:
Internet, Security, network layer, Protocol, access control,
integrity, authentication, confidentiality