
106 Copyright © 2009 Open Geospatial Consortium, Inc.

10.1.1 IPSec see [2]

IPSec defines a protocol that secures Internet Protocol (IP) based communication between network endpoints on ISO/OSI layer 3 (the network layer). It thereby creates secure tunnels through untrusted/unsecured networks, ensuring confidential and authenticated communication. Sites connected by these tunnels form Virtual Private Networks (VPNs). The following protocols are used in IPsec: ESP (Encapsulating Security Payload) carries the encrypted information that is transported, AH (Authentication Header) provides authentication for data packets, and IKE (Internet Key Exchange) negotiates the connection parameters.

The strength of IPSec is that applications can use the secure communication provided by IPSec without any knowledge of it. Even though this is a strength, it needs to be remembered that IPSec does not establish end-to-end secure communication of the kind that message layer security provides. This is important to understand when building a network topology that consists of multiple segments, each using its own IPSec configuration.

10.1.2 TLS/SSL see [3]

The TLS/SSL protocol enables applications to communicate in a point-to-point fashion by establishing a secure communication channel that supports integrity and confidentiality of the exchanged information. It requires that the server authenticates itself. TLS/SSL also provides optional mutual (client) authentication, which is almost never used. Based on a challenge (request/response) handshake that involves asymmetric encryption, the client and server agree on a shared secret (symmetric key) that is used to encrypt all further communication associated with the current session. Because TLS/SSL secures the entire information exchanged between the communication partners, it cannot be used if individual parts of one message, or the entire message, are confidential for receivers other than the client and the server. Also, transparent proxy connections are not possible. In addition, the use of TLS/SSL is not sufficient if message repudiation is important, as the encryption is based on a shared secret. Here, message layer protection must be established to enable secure and trusted audit.
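The two limitations stated above for channel security (no guarantee across an intermediary that terminates the channel, and no non-repudiation because both ends hold the same secret) can be made concrete with a small model. The following Python script is an added illustration and is not code from the OGC report or from any IPSec/TLS implementation. It models a hop-by-hop channel as an HMAC under a per-hop shared key and message layer protection as a signature under the sender's private key; the RSA used for the signature is a deliberately tiny textbook toy with constructed primes (an assumption made only to keep the example self-contained), and the request strings, key material and the proxy/server roles are constructed for the scenario.

```python
"""Channel (hop-by-hop) security versus message layer security.

Added illustration, not from the OGC report. The RSA below is a textbook toy
with small constructed primes: it shows the structure of the argument, not a
usable signature scheme.
"""
import hashlib
import hmac

# --- channel protection: a MAC under a secret shared by the two hop endpoints
def channel_protect(hop_key: bytes, data: bytes) -> bytes:
    """Tag produced by either endpoint of one hop (models a TLS/IPSec record)."""
    return hmac.new(hop_key, data, hashlib.sha256).digest()


def channel_verify(hop_key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(channel_protect(hop_key, data), tag)


# --- message layer protection: toy RSA signature over the message digest
TOY_E = 65537  # constructed toy parameters; real keys are thousands of bits


def toy_keypair(p: int, q: int, e: int = TOY_E):
    """Return (public, private) as (n, e), (n, d). p and q must be prime."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest_mod_n(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def run_scenario() -> dict:
    """Client -> proxy -> server, once with channel security, once with a signature."""
    client_hop_key = b"constructed secret shared by client and proxy"
    server_hop_key = b"constructed secret shared by proxy and server"
    client_pub, client_priv = toy_keypair(1000003, 1000033)   # constructed primes
    _other_pub, other_priv = toy_keypair(1000037, 1000039)    # a key the client never held

    order = b"GetFeature typeName=parcels"                     # constructed request
    tampered = order.replace(b"parcels", b"all_layers")
    fabricated = b"DeleteFeature typeName=parcels"

    # Hop 1: the proxy verifies the client's channel tag ...
    proxy_accepts = channel_verify(client_hop_key, order, channel_protect(client_hop_key, order))
    # ... then terminates the channel and re-protects whatever it forwards on hop 2.
    # The server cannot tell that the content changed in between.
    server_accepts_tampered = channel_verify(
        server_hop_key, tampered, channel_protect(server_hop_key, tampered))
    # The server holds the hop secret too, so a tag it produces itself verifies:
    # a channel tag is no evidence of who sent the data.
    fabricated_tag_verifies = channel_verify(
        server_hop_key, fabricated, channel_protect(server_hop_key, fabricated))

    # Message layer: the client signs the message itself; the proxy only forwards.
    sig = sign(client_priv, order)
    return {
        "proxy_accepts": proxy_accepts,
        "server_accepts_tampered": server_accepts_tampered,
        "fabricated_tag_verifies": fabricated_tag_verifies,
        "signature_verifies": verify(client_pub, order, sig),
        "tamper_detected": not verify(client_pub, tampered, sig),
        "forgery_rejected": not verify(client_pub, fabricated, sign(other_priv, fabricated)),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The first three results are the channel-security weaknesses the section describes: each hop accepts its own tag, so an intermediary can alter data unnoticed by the far endpoint, and a tag under a shared secret cannot attribute a message to one party. The last three show why message layer protection is the tool for audit: the signature travels with the message through the proxy, a modified message fails verification, and only the holder of the client's private key can produce a signature that verifies under the client's public key.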

10.2 Standards for securing Communication on the Binding Layer