RFC 1827 (rfc1827) - Page 1 of 12
IP Encapsulating Security Payload (ESP)
Alternative Format: Original Text Document
Network Working Group R. Atkinson
Request for Comments: 1827 Naval Research Laboratory
Category: Standards Track August 1995
IP Encapsulating Security Payload (ESP)
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
ABSTRACT
This document describes the IP Encapsulating Security Payload (ESP).
ESP is a mechanism for providing integrity and confidentiality to IP
datagrams. In some circumstances it can also provide authentication
to IP datagrams. The mechanism works with both IPv4 and IPv6.
1. INTRODUCTION
ESP is a mechanism for providing integrity and confidentiality to IP
datagrams. It may also provide authentication, depending on which
algorithm and algorithm mode are used. Non-repudiation and
protection from traffic analysis are not provided by ESP. The IP
Authentication Header (AH) might provide non-repudiation if used with
certain authentication algorithms [Atk95b]. The IP Authentication
Header may be used in conjunction with ESP to provide authentication.
Users desiring integrity and authentication without confidentiality
should use the IP Authentication Header (AH) instead of ESP. This
document assumes that the reader is familiar with the related
document "IP Security Architecture", which defines the overall
Internet-layer security architecture for IPv4 and IPv6 and provides
important background for this specification [Atk95a].
1.1 Overview
The IP Encapsulating Security Payload (ESP) seeks to provide
confidentiality and integrity by encrypting data to be protected and
placing the encrypted data in the data portion of the IP
Encapsulating Security Payload. Depending on the user's security
requirements, this mechanism may be used to encrypt either a
transport-layer segment (e.g., TCP, UDP, ICMP, IGMP) or an entire IP
datagram. Encapsulating the protected data is necessary to provide
confidentiality for the entire original datagram.
Atkinson Standards Track