IPsec is a protocol suite for securing IP communications by encrypting the IP packets of a data stream. IPsec can operate in tunnel mode or transport mode. Transport mode is used for host-to-host communications; only the payload is encapsulated, and the IP header is left unchanged. In tunnel mode, the entire IP packet is encrypted and a new header is provided. Tunnel mode is used to establish virtual private networks (VPNs) for secure network-to-network, host-to-host, host-to-network, and similar communications between remote sites. IPsec uses the Internet Key Exchange (IKE/IKEv2) protocol to set up a security association by negotiating the protocols and algorithms used to generate encryption and authentication keys for IPsec communications. IPsec uses the Encapsulating Security Payload (ESP) protocol to provide authentication and confidentiality for the IP packets. Thus, IPsec can be used to secure upper-layer communications, e.g., User Datagram Protocol (UDP) over IPsec or Transmission Control Protocol (TCP) over IPsec, and application-to-application communications such as Java Message Service.
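The difference between the two modes is easiest to see in the packet layout. The following is an added example, not part of the original text: it frames one constructed UDP/IPv4 packet both ways using ESP with NULL encryption (so the bytes stay readable) and a truncated HMAC-SHA-256 integrity value. It assumes IPv4 headers without options; the addresses, SPI, key and function names are constructed for illustration, and a real deployment would negotiate keys with IKE and encrypt the ESP payload.

```python
import hashlib, hmac, socket, struct

ESP_PROTO, IPIP_PROTO, UDP_PROTO = 50, 4, 17  # IP protocol numbers

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return hdr[:10] + struct.pack("!H", ~s & 0xFFFF) + hdr[12:]

def esp_null(spi, seq, key, payload, next_header):
    """ESP framing: SPI, sequence number, payload, padding, pad length, next header, ICV."""
    pad_len = -(len(payload) + 2) % 4          # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    body = struct.pack("!II", spi, seq) + payload + trailer
    return body + hmac.new(key, body, hashlib.sha256).digest()[:16]

def transport_mode(packet, spi, seq, key):
    """Keep the original addresses; only the upper-layer payload goes inside ESP.
    The header's protocol, length and checksum fields are updated to carry ESP."""
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    esp = esp_null(spi, seq, key, packet[20:], packet[9])
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp

def tunnel_mode(packet, spi, seq, key, gw_src, gw_dst):
    """Wrap the whole original packet in ESP behind a new gateway-to-gateway header."""
    esp = esp_null(spi, seq, key, packet, IPIP_PROTO)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp

# Constructed sample input: a 13-byte UDP datagram between two private hosts.
KEY = b"constructed-demo-key"
UDP_DATAGRAM = struct.pack("!HHHH", 40000, 5000, 13, 0) + b"hello"
INNER = ipv4_header("10.0.1.5", "10.0.2.9", UDP_PROTO, len(UDP_DATAGRAM)) + UDP_DATAGRAM

if __name__ == "__main__":
    t = transport_mode(INNER, 0x1001, 1, KEY)
    u = tunnel_mode(INNER, 0x1001, 1, KEY, "198.51.100.1", "203.0.113.1")
    for name, pkt in (("transport", t), ("tunnel", u)):
        print(name, len(pkt), "bytes, outer src", socket.inet_ntoa(pkt[12:16]))
```

In transport mode the outer source address is still the original host; in tunnel mode it is the gateway, and the original header travels inside the ESP payload.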
The Extensible Messaging and Presence Protocol (XMPP), also known as Jabber, is the current Internet Engineering Task Force (IETF) standard for instant messaging and presence. In addition to server-mediated instant messaging, XMPP has been augmented with a signaling mechanism (called “Jingle”) to establish unmediated peer-to-peer sessions, such as voice or video sessions. Such peer-to-peer sessions are used to supplement the normal course of instant messaging, e.g., by carrying on a voice conversation in parallel with the text session. The connection that is already established by virtue of XMPP presence can be exploited for peer-to-peer session establishment.