Chapter 5. The Encapsulating Security Payload (ESP)

The Encapsulating Security Payload (ESP) is a protocol header inserted into an IP datagram to provide confidentiality, data origin authentication, antireplay, and data integrity services to IP. ESP may be applied in different modes in which it is inserted between the IP header and the upper-layer protocol header (e.g., a TCP or UDP header) or it may be used to encapsulate an entire IP datagram.
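The two placements described above, built as byte layouts in an added example (not code from the book). It assumes the RFC 4303 field layout, NULL encryption so the inner bytes stay readable, HMAC-SHA-256 truncated to 128 bits as the authenticator, and constructed addresses, SPIs and key; all function names are illustrative.

```python
import hashlib, hmac, struct

ESP_PROTO, ICV_LEN = 50, 16    # IP protocol number for ESP; assumed 128-bit ICV
KEY = b"constructed-demo-key"  # constructed sample key

def ipv4_header(proto, payload_len, src, dst):
    # Minimal 20-byte IPv4 header, no options; checksum left at zero for this layout demo.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)

def icv(body, key):
    # Assumed authenticator: HMAC-SHA-256 truncated to ICV_LEN bytes.
    return hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]

def esp_wrap(spi, seq, inner, next_header, key):
    # SPI | sequence number | inner | padding | pad length | next header | ICV
    # NULL encryption (assumption): inner is copied as-is so the layout is visible.
    pad_len = -(len(inner) + 2) % 4   # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + inner + trailer
    return body + icv(body, key)

def transport_mode(datagram, spi, seq, key):
    # ESP sits between the original IP header and the upper-layer protocol header.
    upper, proto = datagram[20:], datagram[9]
    esp = esp_wrap(spi, seq, upper, proto, key)
    return ipv4_header(ESP_PROTO, len(esp), datagram[12:16], datagram[16:20]) + esp

def tunnel_mode(datagram, spi, seq, key, gw_src, gw_dst):
    # ESP encapsulates the entire datagram; next header 4 means IPv4-in-IP.
    esp = esp_wrap(spi, seq, datagram, 4, key)
    return ipv4_header(ESP_PROTO, len(esp), gw_src, gw_dst) + esp

def esp_unwrap(packet, key):
    # Check the ICV first, then strip the trailer. Returns (spi, seq, next_header, inner).
    if packet[9] != ESP_PROTO:
        raise ValueError("not ESP")
    body, tag = packet[20:-ICV_LEN], packet[-ICV_LEN:]
    if not hmac.compare_digest(tag, icv(body, key)):
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    return spi, seq, next_header, body[8:len(body) - 2 - pad_len]

# Constructed sample: a TCP segment carrying b"hello" between documentation addresses.
TCP = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x18, 65535, 0, 0) + b"hello"
ORIGINAL = ipv4_header(6, len(TCP), bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + TCP
TRANSPORT = transport_mode(ORIGINAL, 0x1001, 1, KEY)
TUNNEL = tunnel_mode(ORIGINAL, 0x1002, 1, KEY, bytes([203, 0, 113, 1]), bytes([203, 0, 113, 2]))
```

In transport mode the outer addresses are the original endpoints and the trailer's next header names TCP (6); in tunnel mode the outer addresses are the gateways and the whole original datagram, addresses included, is inside the protected payload.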

ESP provides confidentiality with an encryptor and data integrity with an authenticator. The specific algorithm used by both the encryptor and authenticator is determined by the corresponding components of an ESP security association. By divorcing the base ESP definition from the actual algorithms that ...
