5.1.4 What is IPSec?
The Internet Engineering Task Force (IETF)'s IP Security Protocol (IPSec) working group is defining a set of specifications for cryptographically-based authentication, integrity, and confidentiality services at the IP datagram layer. IPSec is intended to be the future standard for secure communications on the Internet, but is already the de facto standard. The IPSec group's results comprise a basis for interoperably secured host-to-host pipes, encapsulated tunnels, and Virtual Private Networks (VPNs), thus providing protection for client protocols residing above the IP layer.
The protocol formats for IPSec's Authentication Header (AH) and IP Encapsulating Security Payload (ESP) are independent of the cryptographic algorithm, although certain algorithm sets are specified as mandatory for support in the interest of interoperability. Similarly, multiple algorithms are supported for key management purposes (establishing session keys for traffic protection), within IPSec's IKE framework.
The home page of the working group is located at http://www.ietf.org/html.charters/wg-dir.html. This site contains links to relevant RFC documents and Internet-Drafts.