Encapsulating Security Protocol (ESP)

• ESP encrypts and/or authenticates everything above the IPSec layer

• ESP does not protect fields in the outer IP header

  • if you want to protect an IP header, cover it with ESP and wrap it in another IP packet

• ESP arguably makes AH unnecessary

  • even the guy who originally proposed AH agrees
  • but these things tend to get lives of their own...

Previous slide

Next slide

Back to first slide

View graphic version