
IP Encapsulating Security Payload (ESP) (RFC1827)

IP.com Disclosure Number: IPCOM000004085D
Original Publication Date: 1995-Aug-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 10 page(s) / 28K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Atkinson: AUTHOR

Abstract

This document describes the IP Encapsulating Security Payload (ESP). ESP is a mechanism for providing integrity and confidentiality to IP datagrams. In some circumstances it can also provide authentication to IP datagrams. The mechanism works with both IPv4 and IPv6.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group R. Atkinson

Request for Comments: 1827 Naval Research Laboratory

Category: Standards Track August 1995

IP Encapsulating Security Payload (ESP)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

ABSTRACT

This document describes the IP Encapsulating Security Payload (ESP). ESP is a mechanism for providing integrity and confidentiality to IP datagrams. In some circumstances it can also provide authentication to IP datagrams. The mechanism works with both IPv4 and IPv6.

1. INTRODUCTION

ESP is a mechanism for providing integrity and confidentiality to IP datagrams. It may also provide authentication, depending on which algorithm and algorithm mode are used. Non-repudiation and protection from traffic analysis are not provided by ESP. The IP Authentication Header (AH) might provide non-repudiation if used with certain authentication algorithms [Atk95b]. The IP Authentication Header may be used in conjunction with ESP to provide authentication. Users desiring integrity and authentication without confidentiality should use the IP Authentication Header (AH) instead of ESP. This document assumes that the reader is familiar with the related document "IP Security Architecture", which defines the overall Internet-layer security architecture for IPv4 and IPv6 and provides important background for this specification [Atk95a].

1.1 Overview

The IP Encapsulating Security Payload (ESP) seeks to provide confidentiality and integrity by encrypting data to be protected and placing the encrypted data in the data portion of the IP Encapsulating Security Payload. Depending on the user's security requirements, this mechanism may be used to encrypt either a transport-layer segment (e.g., TCP, UDP, ICMP, IGMP) or an entire IP datagram. Encapsulating the protected data is necessary to provide confidentiality for the entire original datagram.

Use of this specification will increase the IP protocol processing costs in participating systems and will also increase the communications latency. The increased latency is primarily due to the encryption and decryption required for each IP datagram containing an Encapsulating Security Payload.

In ...