Introduction

The protocol that provides the addressing used on the Internet today is Internet Protocol (IP) version 4. In its original Request for Comments (RFC) 791, the designers of IP decided that it would be specifically limited in scope to provide the functions necessary to deliver a package of bits (an internet datagram) from a source to a destination over an interconnected system of networks. Additionally, it was decided that there would be no mechanisms to augment end-to-end data reliability, flow control, sequencing, or other services commonly found in host-to-host protocols. The Internet Protocol can capitalize on the services of its supporting networks to provide various types and qualities of service. (See www.ietf.org/rfc/rfc0791.txt?number=791.)

Obviously created during a time of free love and inherent trust for academic and military purposes, there are no mechanisms built into IP to secure the information that it is delivering. In an attempt to correct this faux pas for the increasingly security-sensitive corporate and commercial Internet, in November 1998 the Network Working Group of the Internet Engineering Task Force (IETF) put forth RFC 2401. RFC 2401, otherwise known as Security Architecture for the Internet Protocol (IPSec), is an attempt to provide security for both IPv4 and IPv6 at the network layer.

This security is designed to be highly interoperable and based on cryptographic mechanisms to provide access control, connectionless integrity, data origin authentication, protection against replays, confidentiality, and limited traffic flow confidentiality. By providing these security services at the IP or network layer, the higher...