IPsec

IPsec
Internet Protocol Security
Year started: 1996
Organization: Internet Engineering Task Force
Base standards: Various, see IETF documentation chapter

In computing, Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts packets of data to provide secure encrypted communication between two computers over an Internet Protocol network. It is used in virtual private networks (VPNs).

IPsec includes protocols for establishing mutual authentication between agents at the beginning of a session and negotiation of cryptographic keys to use during the session. IPsec can protect data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).[1] IPsec uses cryptographic security services to protect communications over Internet Protocol (IP) networks. It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and protection from replay attacks.

The protocol was designed by a committee rather than through a competition, and it was made so complex, with so many options, that the result has a devastating effect on a security standard.[2] There are also allegations that the NSA interfered to weaken its security features.

  1. ^ D. Harkins; R. Atkinson (November 1998). IP Encapsulating Security Payload (ESP). Network Working Group. doi:10.17487/RFC2406. RFC 2406. Obsolete. Obsoleted by RFC 4303, 4305. Obsoletes RFC 1827.
  2. ^ "A Cryptographic Evaluation of IPsec". Schneier on Security. December 2003. Retrieved 2024-12-01.
