17. IPsec: AH and ESP

IPsec is an IETF standard for real-time communication security. The concepts behind such a protocol were already covered in Chapter 16, Real-time Communication Security. The main pieces of IPsec are AH and ESP, which describe the IP header extensions for carrying cryptographically protected data, and IKE, which is a protocol for authenticating and establishing a session key. This chapter covers AH and ESP, and Chapter 18, IPsec: IKE, will cover IKE.

17.1. Overview of IPsec

The part of IPsec that we cover in this chapter assumes that two nodes already have a shared session key, which might have been configured manually, or established through IKE.

Since Bob might be receiving IPsec-protected packets from many sources, maybe ...

Get Network Security: Private Communication in a Public World, Second Edition now with O’Reilly online learning.