IPsec basics (2)

- the basic concept is a "security association" (SA)
  - unidirectional (need two for two-way)
  - uniquely defined by
    - security parameter index (SPI), an index to the security association database (SADB)
    - destination address
    - protocol type (ESP, AH)
  - has other properties:
    - mode (tunnel, transport)
    - encryption algorithm
    - hash algorithm
    - encryption key
    - authentication key
    - lifetime
    - ID
- SAs expire due to lifetime - crypto material gets refreshed!
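The receive-side lookup implied by the slide, as an added example that is not part of the original slides: a toy SADB keyed by (SPI, destination address, protocol) that reads the SPI out of an ESP or AH header and refuses expired SAs. The class and function names, the status strings and the sample algorithm name are assumptions for illustration; only IPv4 is handled and keys are left out of the SA record.

```python
import ipaddress
import struct
from dataclasses import dataclass

ESP, AH = 50, 51  # IP protocol numbers for the two IPsec protocols

@dataclass
class SA:
    mode: str        # "tunnel" or "transport"
    enc_alg: str     # constructed sample value in the test data
    created: float   # seconds
    lifetime: float  # seconds

class SADB:
    def __init__(self):
        self._sas = {}  # (SPI, destination address, protocol) -> SA

    def add(self, spi, dst, proto, sa):
        self._sas[(spi, ipaddress.ip_address(dst), proto)] = sa

    def lookup_inbound(self, packet, now):
        """Return (status, SA) for a raw IPv4 packet."""
        if len(packet) < 20 or len(packet) < (packet[0] & 0x0F) * 4 + 8:
            return "malformed", None
        ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
        proto, dst = packet[9], ipaddress.ip_address(packet[16:20])
        if proto == ESP:
            offset = ihl                       # ESP header starts with the SPI
        elif proto == AH:
            offset = ihl + 4                   # AH: next header, length, reserved, then SPI
        else:
            return "not-ipsec", None
        (spi,) = struct.unpack_from("!I", packet, offset)
        key = (spi, dst, proto)
        sa = self._sas.get(key)
        if sa is None:
            return "no-sa", None
        if now >= sa.created + sa.lifetime:
            del self._sas[key]                 # expired: a new SA with fresh keys is needed
            return "expired", None
        return "ok", sa

def build_packet(src, dst, proto, spi, seq=1):
    """Constructed sample: IPv4 header plus the start of an ESP or AH header."""
    body = struct.pack("!II", spi, seq)
    if proto == AH:
        body = struct.pack("!BBH", 4, 4, 0) + body
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr + body
```

Because the destination address is part of the key, the same SPI arriving in the reverse direction or under the other protocol matches nothing, which is why two-way traffic needs two SAs.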