The IPSEC Framework
The security framework for the IP protocol layer has been formally defined and standardized by the IETF IP Security Protocol Working Group (IPSEC) in RFC 2401.
Figure 5-6. Relationship between IPSEC components (RFC 2411)
The framework currently consists of six distinct elements, as shown in Figure 5-6:
A general description of security requirements and mechanisms on the network layer
A specific security element for encryption (Encrypted Security Payload [ESP]; see RFC 2406)
A specific security element for authentication (Authentication Header [AH]; see RFC 2402)
Definitions for using concrete cryptographic algorithms for encryption and authentication
The definition of security policies and Security Associations between communicating partners
IPSEC key management, which is based on key management on a more general framework.
It must be noted that these mechanisms are considered generic; they could be used in both IPv4 and IPv6 contexts. They would have to be retrofitted into existing IPv4 software, but they are an integrated, mandatory part of the basic IPv6 protocol suite.
The work of the IPSEC Working Group is closely related to work in other Working Groups in the Security Area, such as IP Security Policy (IPSP) and X.509 Public-Key Infrastructure (PKIX).
Get IPv6 Essentials now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
