| (I) An Internet IPsec protocol [R2406] designed to provide a mix
of security services--especially data confidentiality service--in
the Internet Protocol. (See: Authentication Header.)
(C) ESP may be used alone, or in combination with the IPsec AH
protocol, or in a nested fashion with tunneling. Security services
can be provided between a pair of communicating hosts, between a
pair of communicating security gateways, or between a host and a
gateway. The ESP header is encapsulated by the IP header, and the
ESP header encapsulates either the upper layer protocol header
(transport mode) or an IP header (tunnel mode). ESP can provide
data confidentiality service, data origin authentication service,
connectionless data integrity service, an anti-replay service, and
limited traffic flow confidentiality. The set of services depends
on the placement of the implementation and on options selected
when the security association is established.
|
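The encapsulation described in this entry (IP header, then ESP header, then either an upper-layer header or an inner IP header), as an added example that is not part of the original glossary or of RFC 2406. It assumes the ESP layout of SPI and sequence number followed by a trailer carrying pad length and next header, and NULL encryption so that the trailer is readable; function names, addresses, SPIs and the all-zero ICV are constructed for illustration.

```python
import struct

ESP = 50  # IP protocol number assigned to ESP

def ipv4(proto, payload_len, src, dst):
    # Minimal 20-byte IPv4 header; checksum left at zero (constructed sample).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, bytes(src), bytes(dst))

def esp_wrap(spi, seq, inner, next_header, icv_len=0):
    # SPI | sequence number | payload | padding | pad length | next header | ICV
    pad_len = -(len(inner) + 2) % 4            # trailer ends on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + inner + trailer + bytes(icv_len)  # zero ICV: placeholder

def parse_esp(packet, icv_len=0):
    # Assumes a cleartext payload (NULL encryption); icv_len comes from the SA.
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 10 + icv_len or packet[9] != ESP:
        raise ValueError("not a complete ESP packet")
    spi, seq = struct.unpack("!II", packet[ihl:ihl + 8])
    body = packet[ihl + 8:len(packet) - icv_len]
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 2:
        raise ValueError("pad length exceeds payload")
    mode = "tunnel" if next_header in (4, 41) else "transport"  # 4 = IPv4, 41 = IPv6
    return {"spi": spi, "seq": seq, "mode": mode,
            "next_header": next_header, "inner": body[:len(body) - 2 - pad_len]}

# Constructed sample data: one UDP datagram, sent once in each mode.
UDP = struct.pack("!HHHH", 1234, 1234, 12, 0) + b"ping"

def sample_transport():
    # Host to host: ESP encapsulates the upper-layer (UDP) header directly.
    esp = esp_wrap(0x1001, 1, UDP, 17)   # next header 17 = UDP
    return ipv4(ESP, len(esp), [10, 0, 0, 1], [10, 0, 0, 2]) + esp

def sample_tunnel():
    # Gateway to gateway: ESP encapsulates a complete inner IP packet.
    inner = ipv4(17, len(UDP), [192, 168, 1, 5], [192, 168, 2, 9]) + UDP
    esp = esp_wrap(0x1002, 7, inner, 4, icv_len=12)   # 12-byte ICV, constructed
    return ipv4(ESP, len(esp), [198, 51, 100, 1], [203, 0, 113, 1]) + esp

if __name__ == "__main__":
    for pkt, icv in ((sample_transport(), 0), (sample_tunnel(), 12)):
        print(parse_esp(pkt, icv))
```

With a real cipher negotiated, only the SPI and sequence number are visible to an observer; the next header field that distinguishes the two modes is inside the encrypted portion.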