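TCP/IP Illustrated, Volume 1: The Protocols (English edition) (2nd edition) (Simplified Chinese book)
Product information
ISBN13: 9787111382287
Publisher: China Machine Press (機械工業出版社)
Authors: Kevin R. Fall; W. Richard Stevens
Publication date: 2012/06/08
Binding/pages: Paperback / 1017 pages
RMB list price: 129 yuan
List price: NT$ 774
Sale price: 87% of list price, NT$ 673
Out of print; cannot be ordered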
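Product description
TCP/IP Illustrated, Volume 1: The Protocols (English edition, 2nd edition) is the enduring work of the late networking expert and renowned technical author W. Richard Stevens. Detailed and highly authoritative, it is regarded as an immortal classic of the TCP/IP field.
TCP/IP Illustrated, Volume 1: The Protocols (English edition, 2nd edition) is the first volume of TCP/IP Illustrated. It covers the TCP/IP protocols, using a large number of examples to explain why the TCP/IP protocol suite is defined the way it is, and how it is applied and how it works in a variety of operating systems. While preserving Stevens's outstanding body of knowledge and writing style, the second edition's new author, Kevin R. Fall, draws on his cutting-edge experience as a leader in TCP/IP protocol research to update the book so that it reflects the latest protocols and best practices. He first introduces the core goals and architectural concepts of TCP/IP, showing how they can connect different networks and support multiple services running at the same time. Next, he explains in detail Internet addressing in IPv4 and IPv6 networks. He then takes a bottom-up approach to the structure and function of TCP/IP: from link-layer protocols (such as Ethernet and Wi-Fi), through the network layer and transport layer, to the application layer.
The book covers, in turn and in full, ARP, DHCP, NAT, firewalls, ICMPv4/ICMPv6, broadcasting, multicasting, UDP, DNS and more, and describes reliable transport and TCP in detail, including connection management, timeouts, retransmission, interactive data flow and congestion control. It also introduces the basics of security and cryptography and explains the important protocols currently used to protect security and privacy, including EAP, IPsec, TLS, DNSSEC and DKIM.
TCP/IP Illustrated, Volume 1: The Protocols (English edition, 2nd edition) is suitable for anyone who wants to understand how the TCP/IP protocols are implemented, and is an authoritative reference for researchers and developers in the TCP/IP field. Whether you are a beginner or a seasoned networking expert, this book belongs on your desk: it will help you understand the whole protocol suite more deeply and intuitively, build better applications, and run more reliable and more efficient networks.
Features of TCP/IP Illustrated, Volume 1: The Protocols (English edition, 2nd edition):
1. W. Richard Stevens's legendary TCP/IP guide, now updated by top networking expert Kevin R. Fall to reflect the new generation of TCP/IP-based networking technology.
2. Shows how each protocol actually works and explains the reasoning behind it.
3. Newly added content includes RPC, access control, authentication, privacy protection, NFS, SMB/CIFS, DHCP, NAT, firewalls, e-mail, the Web, Web services, wireless, wireless security and more.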
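About the authors
Authors: Fall and Stevens (USA)
Dr. Kevin R. Fall has more than 25 years of experience working with TCP/IP and is a member of the Internet Architecture Board. He is co-chair of the Delay Tolerant Networking Research Group (DTNRG) of the Internet Research Task Force, a group dedicated to exploring networking in extreme and performance-challenged environments. He is an IEEE Fellow.
Dr. W. Richard Stevens (1951-1999) was an internationally known Unix and networking expert and a respected technical author and consultant. He taught a generation of networking professionals the skills of using TCP/IP, making the Internet central to people's everyday lives. Stevens died on September 1, 1999, aged only 48. In his short but brilliant life he wrote several enduring classics, including TCP/IP Illustrated (three volumes), UNIX Network Programming (two volumes) and Advanced Programming in the UNIX Environment. In 2000 he was posthumously given the "Lifetime Achievement Award" by the international authority Usenix.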
Table of contents
Foreword
Preface to the Second Edition
Adapted Preface to the First Edition
Chapter 1 Introduction
1.1 Architectural Principles
1.1.1 Packets, Connections, and Datagrams
1.1.2 The End-to-End Argument and Fate Sharing
1.1.3 Error Control and Flow Control
1.2 Design and Implementation
1.2.1 Layering
1.2.2 Multiplexing, Demultiplexing, and Encapsulation in Layered Implementations
1.3 The Architecture and Protocols of the TCP/IP Suite
1.3.1 The ARPANET Reference Model
1.3.2 Multiplexing, Demultiplexing, and Encapsulation in TCP/IP
1.3.3 Port Numbers
1.3.4 Names, Addresses, and the DNS
1.4 Internets, Intranets, and Extranets
1.5 Designing Applications
1.5.1 Client/Server
1.5.2 Peer-to-Peer
1.5.3 Application Programming Interfaces (APIs)
1.6 Standardization Process
1.6.1 Request for Comments (RFC)
1.6.2 Other Standards
1.7 Implementations and Software Distributions
1.8 Attacks Involving the Internet Architecture
1.9 Summary
1.10 References
Chapter 2 The Internet Address Architecture
2.1 Introduction
2.2 Expressing IP Addresses
2.3 Basic IP Address Structure
2.3.1 Classful Addressing
2.3.2 Subnet Addressing
2.3.3 Subnet Masks
2.3.4 Variable-Length Subnet Masks (VLSM)
2.3.5 Broadcast Addresses
2.3.6 IPv6 Addresses and Interface Identifiers
2.4 CIDR and Aggregation
2.4.1 Prefixes
2.4.2 Aggregation
2.5 Special-Use Addresses
2.5.1 Addressing IPv4/IPv6 Translators
2.5.2 Multicast Addresses
2.5.3 IPv4 Multicast Addresses
2.5.4 IPv6 Multicast Addresses
2.5.5 Anycast Addresses
2.6 Allocation
2.6.1 Unicast
2.6.2 Multicast
2.7 Unicast Address Assignment
2.7.1 Single Provider/No Network/Single Address
2.7.2 Single Provider/Single Network/Single Address
2.7.3 Single Provider/Multiple Networks/Multiple Addresses
2.7.4 Multiple Providers/Multiple Networks/Multiple Addresses (Multihoming)
2.8 Attacks Involving IP Addresses
2.9 Summary
2.10 References
Chapter 3 Link Layer
3.1 Introduction
3.2 Ethernet and the IEEE 802 LAN/MAN Standards
3.2.1 The IEEE 802 LAN/MAN Standards
3.2.2 The Ethernet Frame Format
3.2.3 802.1p/q: Virtual LANs and QoS Tagging
3.2.4 802.1AX: Link Aggregation (Formerly 802.3ad)
3.3 Full Duplex, Power Save, Autonegotiation, and 802.1X Flow Control
3.3.1 Duplex Mismatch
3.3.2 Wake-on LAN (WoL), Power Saving, and Magic Packets
3.3.3 Link-Layer Flow Control
3.4 Bridges and Switches
3.4.1 Spanning Tree Protocol (STP)
3.4.2 802.1ak: Multiple Registration Protocol (MRP)
3.5 Wireless LANs—IEEE 802.11 (Wi-Fi)
3.5.1 802.11 Frames
3.5.2 Power Save Mode and the Time Sync Function (TSF)
3.5.3 802.11 Media Access Control
3.5.4 Physical-Layer Details: Rates, Channels, and Frequencies
3.5.5 Wi-Fi Security
3.5.6 Wi-Fi Mesh (802.11s)
3.6 Point-to-Point Protocol (PPP)
3.6.1 Link Control Protocol (LCP)
3.6.2 Multilink PPP (MP)
3.6.3 Compression Control Protocol (CCP)
3.6.4 PPP Authentication
3.6.5 Network Control Protocols (NCPs)
3.6.6 Header Compression
3.6.7 Example
3.7 Loopback
3.8 MTU and Path MTU
3.9 Tunneling Basics
3.9.1 Unidirectional Links
3.10 Attacks on the Link Layer
3.11 Summary
3.12 References
Chapter 4 ARP: Address Resolution Protocol
4.1 Introduction
4.2 An Example
4.2.1 Direct Delivery and ARP
4.3 ARP Cache
4.4 ARP Frame Format
4.5 ARP Examples
4.5.1 Normal Example
4.5.2 ARP Request to a Nonexistent Host
4.6 ARP Cache Timeout
4.7 Proxy ARP
4.8 Gratuitous ARP and Address Conflict Detection (ACD)
4.9 The arp Command
4.10 Using ARP to Set an Embedded Device’s IPv4 Address
4.11 Attacks Involving ARP
4.12 Summary
4.13 References
Chapter 5 The Internet Protocol (IP)
5.1 Introduction
5.2 IPv4 and IPv6 Headers
5.2.1 IP Header Fields
5.2.2 The Internet Checksum
5.2.3 DS Field and ECN (Formerly Called the ToS Byte or IPv6 Traffic Class)
5.2.4 IP Options
5.3 IPv6 Extension Headers
5.3.1 IPv6 Options
5.3.2 Routing Header
5.3.3 Fragment Header
5.4 IP Forwarding
5.4.1 Forwarding Table
5.4.2 IP Forwarding Actions
5.4.3 Examples
5.4.4 Discussion
5.5 Mobile IP
5.5.1 The Basic Model: Bidirectional Tunneling
5.5.2 Route Optimization (RO)
5.5.3 Discussion
5.6 Host Processing of IP Datagrams
5.6.1 Host Models
5.6.2 Address Selection
5.7 Attacks Involving IP
5.8 Summary
5.9 References
Chapter 6 System Configuration: DHCP and Autoconfiguration
6.1 Introduction
6.2 Dynamic Host Configuration Protocol (DHCP)
6.2.1 Address Pools and Leases
6.2.2 DHCP and BOOTP Message Format
6.2.3 DHCP and BOOTP Options
6.2.4 DHCP Protocol Operation
6.2.5 DHCPv6
6.2.6 Using DHCP with Relays
6.2.7 DHCP Authentication
6.2.8 Reconfigure Extension
6.2.9 Rapid Commit
6.2.10 Location Information (LCI and LoST)
6.2.11 Mobility and Handoff Information (MoS and ANDSF)
6.2.12 DHCP Snooping
6.3 Stateless Address Autoconfiguration (SLAAC)
6.3.1 Dynamic Configuration of IPv4 Link-Local Addresses
6.3.2 IPv6 SLAAC for Link-Local Addresses
6.4 DHCP and DNS Interaction
6.5 PPP over Ethernet (PPPoE)
6.6 Attacks Involving System Configuration
6.7 Summary
6.8 References
Chapter 7 Firewalls and Network Address Translation (NAT)
7.1 Introduction
7.2 Firewalls
7.2.1 Packet-Filtering Firewalls
7.2.2 Proxy Firewalls
7.3 Network Address Translation (NAT)
7.3.1 Traditional NAT: Basic NAT and NAPT
7.3.2 Address and Port Translation Behavior
7.3.3 Filtering Behavior
7.3.4 Servers behind NATs
7.3.5 Hairpinning and NAT Loopback
7.3.6 NAT Editors
7.3.7 Service Provider NAT (SPNAT) and Service Provider IPv6 Transition
7.4 NAT Traversal
7.4.1 Pinholes and Hole Punching
7.4.2 UNilateral Self-Address Fixing (UNSAF)
7.4.3 Session Traversal Utilities for NAT (STUN)
7.4.4 Traversal Using Relays around NAT (TURN)
7.4.5 Interactive Connectivity Establishment (ICE)
7.5 Configuring Packet-Filtering Firewalls and NATs
7.5.1 Firewall Rules
7.5.2 NAT Rules
7.5.3 Direct Interaction with NATs and Firewalls: UPnP, NAT-PMP, and PCP
7.6 NAT for IPv4/IPv6 Coexistence and Transition
7.6.1 Dual-Stack Lite (DS-Lite)
7.6.2 IPv4/IPv6 Translation Using NATs and ALGs
7.7 Attacks Involving Firewalls and NATs
7.8 Summary
7.9 References
Chapter 8 ICMPv4 and ICMPv6: Internet Control Message Protocol
8.1 Introduction
8.1.1 Encapsulation in IPv4 and IPv6
8.2 ICMP Messages
8.2.1 ICMPv4 Messages
8.2.2 ICMPv6 Messages
8.2.3 Processing of ICMP Messages
8.3 ICMP Error Messages
8.3.1 Extended ICMP and Multipart Messages
8.3.2 Destination Unreachable (ICMPv4 Type 3, ICMPv6 Type 1) and Packet Too Big (ICMPv6 Type 2)
8.3.3 Redirect (ICMPv4 Type 5, ICMPv6 Type 137)
8.3.4 ICMP Time Exceeded (ICMPv4 Type 11, ICMPv6 Type 3)
8.3.5 Parameter Problem (ICMPv4 Type 12, ICMPv6 Type 4)
8.4 ICMP Query/Informational Messages
8.4.1 Echo Request/Reply (ping) (ICMPv4 Types 0/8, ICMPv6 Types 129/128)
8.4.2 Router Discovery: Router Solicitation and Advertisement (ICMPv4 Types 9, 10)
8.4.3 Home Agent Address Discovery Request/Reply (ICMPv6 Types 144/145)
8.4.4 Mobile Prefix Solicitation/Advertisement (ICMPv6 Types 146/147)
8.4.5 Mobile IPv6 Fast Handover Messages (ICMPv6 Type 154)
8.4.6 Multicast Listener Query/Report/Done (ICMPv6 Types 130/131/132)
8.4.7 Version 2 Multicast Listener Discovery (MLDv2) (ICMPv6 Type 143)
8.4.8 Multicast Router Discovery (MRD) (IGMP Types 48/49/50, ICMPv6 Types 151/152/153)
8.5 Neighbor Discovery in IPv6
8.5.1 ICMPv6 Router Solicitation and Advertisement (ICMPv6 Types 133, 134)
8.5.2 ICMPv6 Neighbor Solicitation and Advertisement (ICMPv6 Types 135, 136)
8.5.3 ICMPv6 Inverse Neighbor Discovery Solicitation/Advertisement (ICMPv6 Types 141/142)
8.5.4 Neighbor Unreachability Detection (NUD)
8.5.5 Secure Neighbor Discovery (SEND)
8.5.6 ICMPv6 Neighbor Discovery (ND) Options
8.6 Translating ICMPv4 and ICMPv6
8.6.1 Translating ICMPv4 to ICMPv6
8.6.2 Translating ICMPv6 to ICMPv4
8.7 Attacks Involving ICMP
8.8 Summary
8.9 References
Chapter 9 Broadcasting and Local Multicasting (IGMP and MLD)
9.1 Introduction
9.2 Broadcasting
9.2.1 Using Broadcast Addresses
9.2.2 Sending Broadcast Datagrams
9.3 Multicasting
9.3.1 Converting IP Multicast Addresses to 802 MAC/Ethernet Addresses
9.3.2 Examples
9.3.3 Sending Multicast Datagrams
9.3.4 Receiving Multicast Datagrams
9.3.5 Host Address Filtering
9.4 The Internet Group Management Protocol (IGMP) and Multicast Listener Discovery Protocol (MLD)
9.4.1 IGMP and MLD Processing by Group Members (“Group Member Part”)
9.4.2 IGMP and MLD Processing by Multicast Routers (“Multicast Router Part”)
9.4.3 Examples
9.4.4 Lightweight IGMPv3 and MLDv2
9.4.5 IGMP and MLD Robustness
9.4.6 IGMP and MLD Counters and Variables
9.4.7 IGMP and MLD Snooping
9.5 Attacks Involving IGMP and MLD
9.6 Summary
9.7 References
Chapter 10 User Datagram Protocol (UDP) and IP Fragmentation
10.1 Introduction
10.2 UDP Header
10.3 UDP Checksum
10.4 Examples
10.5 UDP and IPv6
10.5.1 Teredo: Tunneling IPv6 through IPv4 Networks
10.6 UDP-Lite
10.7 IP Fragmentation
10.7.1 Example: UDP/IPv4 Fragmentation
10.7.2 Reassembly Timeout
10.8 Path MTU Discovery with UDP
10.8.1 Example
10.9 Interaction between IP Fragmentation and ARP/ND
10.10 Maximum UDP Datagram Size
10.10.1 Implementation Limitations
10.10.2 Datagram Truncation
10.11 UDP Server Design
10.11.1 IP Addresses and UDP Port Numbers
10.11.2 Restricting Local IP Addresses
10.11.3 Using Multiple Addresses
10.11.4 Restricting Foreign IP Address
10.11.5 Using Multiple Servers per Port
10.11.6 Spanning Address Families: IPv4 and IPv6
10.11.7 Lack of Flow and Congestion Control
10.12 Translating UDP/IPv4 and UDP/IPv6 Datagrams
10.13 UDP in the Internet
10.14 Attacks Involving UDP and IP Fragmentation
10.15 Summary
10.16 References
Chapter 11 Name Resolution and the Domain Name System (DNS)
11.1 Introduction
11.2 The DNS Name Space
11.2.1 DNS Naming Syntax
11.3 Name Servers and Zones
11.4 Caching
11.5 The DNS Protocol
11.5.1 DNS Message Format
11.5.2 The DNS Extension Format (EDNS0)
11.5.3 UDP or TCP
11.5.4 Question (Query) and Zone Section Format
11.5.5 Answer, Authority, and Additional Information Section Formats
11.5.6 Resource Record Types
11.5.7 Dynamic Updates (DNS UPDATE)
11.5.8 Zone Transfers and DNS NOTIFY
11.6 Sort Lists, Round-Robin, and Split DNS
11.7 Open DNS Servers and DynDNS
11.8 Transparency and Extensibility
11.9 Translating DNS from IPv4 to IPv6 (DNS64)
11.10 LLMNR and mDNS
11.11 LDAP
11.12 Attacks on the DNS
11.13 Summary
11.14 References
Chapter 12 TCP: The Transmission Control Protocol (Preliminaries)
12.1 Introduction
12.1.1 ARQ and Retransmission
12.1.2 Windows of Packets and Sliding Windows
12.1.3 Variable Windows: Flow Control and Congestion Control
12.1.4 Setting the Retransmission Timeout
12.2 Introduction to TCP
12.2.1 The TCP Service Model
12.2.2 Reliability in TCP
12.3 TCP Header and Encapsulation
12.4 Summary
12.5 References
Chapter 13 TCP Connection Management
13.1 Introduction
13.2 TCP Connection Establishment and Termination
13.2.1 TCP Half-Close
13.2.2 Simultaneous Open and Close
13.2.3 Initial Sequence Number (ISN)
13.2.4 Example
13.2.5 Timeout of Connection Establishment
13.2.6 Connections and Translators
13.3 TCP Options
13.3.1 Maximum Segment Size (MSS) Option
13.3.2 Selective Acknowledgment (SACK) Options
13.3.3 Window Scale (WSCALE or WSOPT) Option
13.3.4 Timestamps Option and Protection against Wrapped Sequence Numbers (PAWS)
13.3.5 User Timeout (UTO) Option
13.3.6 Authentication Option (TCP-AO)
13.4 Path MTU Discovery with TCP
13.4.1 Example
13.5 TCP State Transitions
13.5.1 TCP State Transition Diagram
13.5.2 TIME_WAIT (2MSL Wait) State
13.5.3 Quiet Time Concept
13.5.4 FIN_WAIT_2 State
13.5.5 Simultaneous Open and Close Transitions
13.6 Reset Segments
13.6.1 Connection Request to Nonexistent Port
13.6.2 Aborting a Connection
13.6.3 Half-Open Connections
13.6.4 TIME-WAIT Assassination (TWA)
13.7 TCP Server Operation
13.7.1 TCP Port Numbers
13.7.2 Restricting Local IP Addresses
13.7.3 Restricting Foreign Endpoints
13.7.4 Incoming Connection Queue
13.8 Attacks Involving TCP Connection Management
13.9 Summary
13.10 References
Chapter 14 TCP Timeout and Retransmission
14.1 Introduction
14.2 Simple Timeout and Retransmission Example
14.3 Setting the Retransmission Timeout (RTO)
14.3.1 The Classic Method
14.3.2 The Standard Method
14.3.3 The Linux Method
14.3.4 RTT Estimator Behaviors
14.3.5 RTTM Robustness to Loss and Reordering
14.4 Timer-Based Retransmission
14.4.1 Example
14.5 Fast Retransmit
14.5.1 Example
14.6 Retransmission with Selective Acknowledgments
14.6.1 SACK Receiver Behavior
14.6.2 SACK Sender Behavior
14.6.3 Example
14.7 Spurious Timeouts and Retransmissions
14.7.1 Duplicate SACK (DSACK) Extension
14.7.2 The Eifel Detection Algorithm
14.7.3 Forward-RTO Recovery (F-RTO)
14.7.4 The Eifel Response Algorithm
14.8 Packet Reordering and Duplication
14.8.1 Reordering
14.8.2 Duplication
14.9 Destination Metrics
14.10 Repacketization
14.11 Attacks Involving TCP Retransmission
14.12 Summary
14.13 References
Chapter 15 TCP Data Flow and Window Management
15.1 Introduction
15.2 Interactive Communication
15.3 Delayed Acknowledgments
15.4 Nagle Algorithm
15.4.1 Delayed ACK and Nagle Algorithm Interaction
15.4.2 Disabling the Nagle Algorithm
15.5 Flow Control and Window Management
15.5.1 Sliding Windows
15.5.2 Zero Windows and the TCP Persist Timer
15.5.3 Silly Window Syndrome (SWS)
15.5.4 Large Buffers and Auto-Tuning
15.6 Urgent Mechanism
15.6.1 Example
15.7 Attacks Involving Window Management
15.8 Summary
15.9 References
Chapter 16 TCP Congestion Control
16.1 Introduction
16.1.1 Detection of Congestion in TCP
16.1.2 Slowing Down a TCP Sender
16.2 The Classic Algorithms
16.2.1 Slow Start
16.2.2 Congestion Avoidance
16.2.3 Selecting between Slow Start and Congestion Avoidance
16.2.4 Tahoe, Reno, and Fast Recovery
16.2.5 Standard TCP
16.3 Evolution of the Standard Algorithms
16.3.1 NewReno
16.3.2 TCP Congestion Control with SACK
16.3.3 Forward Acknowledgment (FACK) and Rate Halving
16.3.4 Limited Transmit
16.3.5 Congestion Window Validation (CWV)
16.4 Handling Spurious RTOs—the Eifel Response Algorithm
16.5 An Extended Example
16.5.1 Slow Start Behavior
16.5.2 Sender Pause and Local Congestion (Event 1)
16.5.3 Stretch ACKs and Recovery from Local Congestion
16.5.4 Fast Retransmission and SACK Recovery (Event 2)
16.5.5 Additional Local Congestion and Fast Retransmit Events
16.5.6 Timeouts, Retransmissions, and Undoing cwnd Changes
16.5.7 Connection Completion
16.6 Sharing Congestion State
16.7 TCP Friendliness
16.8 TCP in High-Speed Environments
16.8.1 HighSpeed TCP (HSTCP) and Limited Slow Start
16.8.2 Binary Increase Congestion Control (BIC and CUBIC)
16.9 Delay-Based Congestion Control
16.9.1 Vegas
16.9.2 FAST
16.9.3 TCP Westwood and Westwood+
16.9.4 Compound TCP
16.10 Buffer Bloat
16.11 Active Queue Management and ECN
16.12 Attacks Involving TCP Congestion Control
16.13 Summary
16.14 References
Chapter 17 TCP Keepalive
17.1 Introduction
17.2 Description
17.2.1 Keepalive Examples
17.3 Attacks Involving TCP Keepalives
17.4 Summary
17.5 References
Chapter 18 Security: EAP, IPsec, TLS, DNSSEC, and DKIM
18.1 Introduction
18.2 Basic Principles of Information Security
18.3 Threats to Network Communication
18.4 Basic Cryptography and Security Mechanisms
18.4.1 Cryptosystems
18.4.2 Rivest, Shamir, and Adleman (RSA) Public Key Cryptography
18.4.3 Diffie-Hellman-Merkle Key Agreement (aka Diffie-Hellman or DH)
18.4.4 Signcryption and Elliptic Curve Cryptography (ECC)
18.4.5 Key Derivation and Perfect Forward Secrecy (PFS)
18.4.6 Pseudorandom Numbers, Generators, and Function Families
18.4.7 Nonces and Salt
18.4.8 Cryptographic Hash Functions and Message Digests
18.4.9 Message Authentication Codes (MACs, HMAC, CMAC, and GMAC)
18.4.10 Cryptographic Suites and Cipher Suites
18.5 Certificates, Certificate Authorities (CAs), and PKIs
18.5.1 Public Key Certificates, Certificate Authorities, and X.509
18.5.2 Validating and Revoking Certificates
18.5.3 Attribute Certificates
18.6 TCP/IP Security Protocols and Layering
18.7 Network Access Control: 802.1X, 802.1AE, EAP, and PANA
18.7.1 EAP Methods and Key Derivation
18.7.2 The EAP Re-authentication Protocol (ERP)
18.7.3 Protocol for Carrying Authentication for Network Access (PANA)
18.8 Layer 3 IP Security (IPsec)
18.8.1 Internet Key Exchange (IKEv2) Protocol
18.8.2 Authentication Header (AH)
18.8.3 Encapsulating Security Payload (ESP)
18.8.4 Multicast
18.8.5 L2TP/IPsec
18.8.6 IPsec NAT Traversal
18.8.7 Example
18.9 Transport Layer Security (TLS and DTLS)
18.9.1 TLS 1.2
18.9.2 TLS with Datagrams (DTLS)
18.10 DNS Security (DNSSEC)
18.10.1 DNSSEC Resource Records
18.10.2 DNSSEC Operation
18.10.3 Transaction Authentication (TSIG, TKEY, and SIG(0))
18.10.4 DNSSEC with DNS64
18.11 DomainKeys Identified Mail (DKIM)
18.11.1 DKIM Signatures
18.11.2 Example
18.12 Attacks on Security Protocols
18.13 Summary
18.14 References
Glossary of Acronyms
Index
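Shopping notes
Because the binding quality and shipping conditions of mainland Chinese publications differ greatly from those of Taiwanese publications, items will be shipped as usual except in more serious cases such as a damaged cover or detached pages.
Special reminder: for some books, the bundled content (such as mp3 audio or DVD video) is no longer supplied on a physical disc; you must follow the QR code to the local website, register and "pass the verification procedure" before you can download and use it.
Simplified Chinese books that are not in stock will be ordered from overseas:
Books in stock overseas: a wait of about 45 working days;
Books out of stock overseas: average processing time of about 60 working days, with no guarantee that the book can be obtained; we ask for your understanding.
To protect your rights, 三民網路書店 (San Min Online Bookstore) offers members a seven-day inspection period (starting from the day the item is received).
To return an item, send it back within the inspection period; the item must be in brand-new condition with complete packaging (item, accessories, invoice, free gifts included with the shipment, etc.), otherwise the return will not be accepted.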

