IPsec is designed to provide interoperable, high quality, cryptographically-based security for IPv4 and IPv6. The set of security services offered includes access control, connectionless integrity, data origin authentication, protection against replays (a form of partial sequence integrity), confidentiality (encryption) and limited traffic flow confidentiality. These services are provided at the IP layer, offering protection for IP and/or upper layer protocols.
These objectives are met through the use of two general traffic security protocols and through the use of cryptographic key management procedures and protocols.
When these mechanisms are correctly implemented and deployed, they ought not to adversely affect users, hosts, and other Internet components that do not employ these security mechanisms for protection of their traffic. These mechanisms also are designed to be algorithm-independent. This modularity permits selection of different sets of algorithms without affecting the other parts of the implementation.
A standard set of default algorithms is specified to facilitate interoperability in the global Internet. The use of these algorithms, in conjunction with IPsec traffic protection and key management protocols, is intended to permit system and application developers to deploy high quality, Internet layer, cryptographic security technology.
I obtained most of the information from the pages of The Internet Engineering Task Force, an organization that brings together working groups dealing with, among other things, network security. Among others, there are pages devoted to ipsec and tls, which contain links to specific drafts and RFCs. I found information about the SSL protocol on the relevant Netscape page. More information about ipsec can be found at http://www.hologuard.com/useful-resources/learning-centre/17/.
Krzysztof Ostrowski