IP Security Protocol

The name of the IETF working group that is specifying an architecture [R2401, R4301] and set of protocols to provide security services for IP traffic. (See: AH, ESP, IKE, SAD, SPD. Compare: IPSO.)

A collective name for the IP security architecture [R4301] and associated set of protocols (primarily AH, ESP, and IKE).

Usage: In IDOCs that use the abbreviation "IPsec", the letters "IP" SHOULD be in uppercase, and the letters "sec" SHOULD NOT.

Tutorial: The security services provided by IPsec include access control service, connectionless data integrity service, data origin authentication service, protection against replays (detection of the arrival of duplicate datagrams, within a constrained window), data confidentiality service, and limited traffic-flow confidentiality. IPsec specifies (a) security protocols (AH and ESP), (b) security associations (what they are, how they work, how they are managed, and associated processing),

(c) key management (IKE), and (d) algorithms for authentication and encryption. Implementation of IPsec is optional for IP version 4, but mandatory for IP version 6. (See: transport mode, tunnel mode.)