public key with the principal that possesses the corresponding private key. While it is perfectly OK to advertise the public key, it is critical to know to whom the key belongs, or else a third party can spoof the identity of a given principal, possibly engaging in a man-in-the-middle attack.

2. The most common IPsec protocol is ESP (Encapsulating Security Payload), as opposed to AH (Authentication Header). This is because ESP also provides authentication capability, whereas AH does not provide for confidentiality, which is generally desirable. Tunneling Mode is the most common mode of operation, because the end stations do not have to be IPsec aware, and only the certificate and session keys for the IPsec gateway need to be managed, as opposed to certificates for every host behind the gateway and for every pair of communicating hosts....
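The difference between AH and ESP in tunnel mode can be seen from what a passive observer is able to parse off the wire. The following is an added example, not part of the original document; the addresses, SPIs and packets are constructed, and zero bytes stand in for the AH ICV and for the ESP ciphertext (no real cryptography is performed).

```python
import socket
import struct

ESP, AH, IPIP = 50, 51, 4  # IANA protocol numbers

def ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (header checksum left at zero)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def addrs(pkt):
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])

def describe(pkt):
    """Return what an on-path observer can read from one packet."""
    body = pkt[(pkt[0] & 0x0F) * 4:]
    info = {"outer": addrs(pkt)}
    if pkt[9] == ESP:
        # Only SPI and sequence number are in the clear; the inner packet
        # and the Next Header field sit inside the encrypted payload.
        spi, seq = struct.unpack("!II", body[:8])
        info.update(protocol="ESP", spi=spi, seq=seq, inner_visible=False)
    elif pkt[9] == AH:
        nxt, plen, _, spi, seq = struct.unpack("!BBHII", body[:12])
        ah_len = (plen + 2) * 4  # Payload Len is in 32-bit words minus 2
        info.update(protocol="AH", spi=spi, seq=seq, inner_visible=True,
                    mode="tunnel" if nxt == IPIP else "transport")
        if nxt == IPIP:  # authenticated but readable inner IP header
            info["inner"] = addrs(body[ah_len:])
    else:
        info.update(protocol="other")
    return info

# Constructed sample: host 10.1.0.5 talks to 10.2.0.9 through two gateways.
GW_A, GW_B = "198.51.100.1", "203.0.113.1"
INNER = ipv4(6, "10.1.0.5", "10.2.0.9", b"GET / HTTP/1.1\r\n")
AH_HDR = struct.pack("!BBHII", IPIP, 4, 0, 0x1001, 1) + bytes(12)  # zero ICV
AH_TUNNEL = ipv4(AH, GW_A, GW_B, AH_HDR + INNER)
# Opaque stand-in for ciphertext, padding and ICV
ESP_TUNNEL = ipv4(ESP, GW_A, GW_B,
                  struct.pack("!II", 0x2001, 1) + bytes(len(INNER) + 14))

if __name__ == "__main__":
    for name, pkt in (("AH tunnel", AH_TUNNEL), ("ESP tunnel", ESP_TUNNEL)):
        print(name, describe(pkt))
```

In both cases the outer header carries only the gateway addresses, which is why the hosts behind the gateways need no IPsec configuration; only under AH do the inner host addresses remain readable.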
- Spring '09