Negotiate protection suite, crypto algorithms
Establish shared secret
e.g., use Diffie-Hellman
Authenticate the shared secret, IKE SA
e.g., using pre-shared secret key, public-key encryption or digital signatures
Secure Socket Layer(ssl) and transport layer security
-one of the most widely used security services
-general-purpose service implemented as a set of protocols that rely on TCP
-subsequently became internet standard: Transport layer security