
IPSec (abbreviation of IP security) is a standard for securing internet protocol communications by encrypting and authenticating all IP packets.

IPSec is a protocol suite (a set of protocols) consisting of protocols for securing packet flows and key exchange protocols used to set up those secure flows. Of the former there are two: Encapsulating Security Payload (ESP), which encrypts packet flows, and the rarely used Authentication Header (AH), which provides authentication and message integrity guarantees for such flows but does not offer confidentiality. See Information security for definitions of these terms. Currently only one key exchange protocol is defined, the IKE protocol.

IPSec is required as a part of IPv6. As IPv6 becomes more widely used, IPSec will become more widely available.

IPSec protocols operate at layer 3 of the OSI model, which makes them suitable for protecting UDP-based protocols. The downside is that, compared with transport-layer protocols such as SSL, the IPSec protocols need to deal with reliability and fragmentation issues, which are normally solved by TCP.

IPSec was intended to provide both portal-to-portal communications security, in which the security overhead is provided to several machines (even whole LANs) by a single node, and end-to-end security, in which the endpoint computers do the security processing. It can be used to construct Virtual Private Networks, and this is the most popular use.

The use of end-to-end communication security on an Internet-wide scale has been slower to develop than many had expected. Part of the reason is that no universal, or universally trusted, public key infrastructure has emerged (DNSSEC was originally envisioned for this); part is that many users (perhaps most) understand neither their needs nor the available options well enough to force adoption; and part is probably due to degradation of Net responsiveness caused by bandwidth loss from such things as spam. The FreeS/WAN Project has developed an open source implementation of IPSec.

IPSec protocols are defined by RFCs 2401-2409; currently (2003) these documents are slowly being replaced by newer versions.


All Wikipedia text is available under the terms of the GNU Free Documentation License
