Find the answers for the ...

Find the answers for the questions I am not sure about.

Q: Is it correct that a certificate contains both the public key and private key of a user? Who should sign a certificate? Why?

A: No, only the public key. A trusted third party (usually a CA) should sign the certificate so that anyone who needs this user’s public key can obtain the certificate and verify that it is valid by way of the attached trusted signature.


Q: What is 802.11i?

A: 802.11i is a standard for wireless local area networks (WLANs) that provides improved encryption for networks that use the popular 802.11a and 802.11b (which includes Wi-Fi standards).



Check the links below for details.
+ RFC 4301 - Security Architecture for the Internet Protocol
+ IPsec - Wikipedia, the free encyclopedia

Q: In IPsec, explain security association (SA) and who may keep it?

A: An SA is a simplex "connection" that affords security services to the traffic carried by it. (RFC-4301 4.1)

Both client & server will keep it.

  • Security association - Wikipedia, the free encyclopedia
    • A Security Association (SA) is the establishment of shared security attributes between two network entities to support secure communication.
  • An SA is a simplex (one-way channel) and logical connection which endorses and provides a secure data connection between the network devices.
  • An SA is a logical group of security parameters that enable the sharing of information to another entity.

Q: In IPsec, explain security association database (SAD) and who may keep it?

A: In each IPsec implementation, there is a nominal Security Association Database (SAD), in which each entry defines the parameters associated with one SA. Each SA has an entry in the SAD. (RFC-4301 4.4.2)

Both client & server will keep it.


Q: In IPsec, do ESP and AH support authentication? Confidentiality?

A: AH supports authentication; ESP supports authentication and confidentiality.
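
The Python sketch below is an added example, not part of the original notes. It models inbound ESP processing on one peer to tie together the SA, SAD and ESP authentication answers above: SPI lookup in the SAD, anti-replay check, then ICV verification. The SPIs, keys and function names are constructed, HMAC-SHA-256-128 is an assumed integrity algorithm, and the payload stands in for ciphertext because encryption is left out.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

ICV_LEN = 16   # HMAC-SHA-256-128 truncates the tag to 128 bits (RFC 4868)
WINDOW = 64    # anti-replay window size, in packets

@dataclass
class SA:
    """One SAD entry: the parameters of a single one-way (simplex) SA."""
    spi: int
    auth_key: bytes
    highest_seq: int = 0   # highest sequence number authenticated so far
    bitmap: int = 0        # bit i set means (highest_seq - i) was already seen

def icv(sa, data):
    return hmac.new(sa.auth_key, data, hashlib.sha256).digest()[:ICV_LEN]

def esp_seal(sa, seq, body):
    """Sender side: SPI | sequence number | body | ICV."""
    hdr = struct.pack("!II", sa.spi, seq)
    return hdr + body + icv(sa, hdr + body)

def esp_inbound(sad, packet):
    """Receiver side: find the SA by SPI, reject replays, verify the ICV."""
    if len(packet) < 8 + ICV_LEN:
        return "drop: truncated"
    spi, seq = struct.unpack("!II", packet[:8])
    sa = sad.get(spi)
    if sa is None:
        return "drop: no SA for SPI"
    offset = sa.highest_seq - seq
    if seq == 0 or offset >= WINDOW or (offset >= 0 and (sa.bitmap >> offset) & 1):
        return "drop: replay or too old"
    if not hmac.compare_digest(icv(sa, packet[:-ICV_LEN]), packet[-ICV_LEN:]):
        return "drop: bad ICV"
    # Only an authenticated packet is allowed to move the replay window.
    if offset < 0:
        sa.bitmap = ((sa.bitmap << -offset) | 1) & ((1 << WINDOW) - 1)
        sa.highest_seq = seq
    else:
        sa.bitmap |= 1 << offset
    return "accept"

if __name__ == "__main__":
    # Constructed sample: the client-to-server SA, held by both peers.
    client_out = SA(spi=0x1001, auth_key=b"k" * 32)
    server_sad = {0x1001: SA(spi=0x1001, auth_key=b"k" * 32)}
    pkt = esp_seal(client_out, 1, b"payload")
    print(esp_inbound(server_sad, pkt))   # first delivery
    print(esp_inbound(server_sad, pkt))   # same packet replayed
```

Because an SA is one-way, traffic in the reverse direction needs a second SA with its own SPI and key, and each peer keeps entries for both.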


Q: IPsec Modes detail

A: Transport mode and Tunnel Mode


Q: IPsec Header

ESP Encryption and Authentication


ESP Transport mode & Tunnel mode



