Security Architecture for the Internet Protocol (RFC2401)

IP.com Disclosure Number: IPCOM000002976D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2019-Feb-11
Document File: 66 page(s) / 96K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Kent: AUTHOR [+1]

Related Documents

10.17487/RFC2401: DOI

Abstract

This memo specifies the base architecture for IPsec compliant systems. [STANDARDS-TRACK]

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 2% of the total text.

Network Working Group                                            S. Kent
Request for Comments: 2401                                      BBN Corp
Obsoletes: 1825                                              R. Atkinson
Category: Standards Track                                  @Home Network
                                                           November 1998

Security Architecture for the Internet Protocol

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1. Introduction
   1.1 Summary of Contents of Document
   1.2 Audience
   1.3 Related Documents
2. Design Objectives
   2.1 Goals/Objectives/Requirements/Problem Description
   2.2 Caveats and Assumptions
3. System Overview
   3.1 What IPsec Does
   3.2 How IPsec Works
   3.3 Where IPsec May Be Implemented
4. Security Associations
   4.1 Definition and Scope
   4.2 Security Association Functionality
   4.3 Combining Security Associations
   4.4 Security Association Databases
      4.4.1 The Security Policy Database (SPD)
      4.4.2 Selectors
      4.4.3 Security Association Database (SAD)
   4.5 Basic Combinations of Security Associations
   4.6 SA and Key Management
      4.6.1 Manual Techniques
      4.6.2 Automated SA and Key Management
      4.6.3 Locating a Security Gateway
   4.7 Security Associations and Multicast
5. IP Traffic Processing
   5.1 Outbound IP Traffic Processing
      5.1.1 Selecting and Using an SA or SA Bundle
      5.1.2 Header Construction for Tunnel Mode
         5.1.2.1 IPv4 -- Header Construction for Tunnel Mode
         5.1.2.2 IPv6 -- Header Construction for Tunnel Mode
   5.2 Processing Inbound IP Traffic
      5.2.1...