SSL REFERENCE MATERIAL:
Introductions and overviews:
SSL Programming Tutorial, from HP's OpenVMS Systems Documentation
Several HOWTO documents from OpenSSL:
Reference materials:
IPSEC REFERENCE MATERIAL:
Introductions and overviews:
IPsec HOWTO provides an overview of implementing the IPsec protocol in a Linux 2.6 kernel
An introduction to IP Security (IPsec) Encryption, from Cisco Systems, Inc.
Various shorter articles:
Configuring an IPsec tunnel between Openswan and Windows 2000/XP with X509
Digging secure tunnels with IPsec
IPsec as a topic in a HOWTO document on SSL certificates
IPsec/VPN with FreeS/WAN as a topic in the document "Securing and Optimizing Linux" (written in 2000, focused on RedHat Linux)
TERMINOLOGY:
Authentication Header (AH): IP protocol that provides connectionless integrity and data origin authentication for IP datagrams, as well as protection against replay attacks.
Certificate Authority (CA)
Encapsulating Security Payload (ESP): IP protocol that provides confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality.
Internet Key Exchange (IKE)
Public Key Infrastructure (PKI)
Security Association (SA): the bundle of algorithms and data that supplies the parameters necessary to operate the Authentication Header (AH) and/or Encapsulating Security Payload (ESP) operations.
Security Association Database (SAD)
Security Parameter Index (SPI)
Security Policy (SP)
Security Policy Database (SPD)
Transport mode: Only the payload of the IP packet is encrypted; the headers are unencrypted.
Tunnel mode: The entire IP packet is encrypted.