Differences between revisions 9 and 10
Revision 9 as of 2007-05-19 07:06:14
Size: 2555
Editor: JoergMayer
Comment: Do so manual formatting in quotes.
Revision 10 as of 2008-04-12 17:51:29
Size: 2565
Editor: localhost
Comment: converted to 1.6 markup
Line 7: Line 7:
 * [http://www.ietf.org/rfc/rfc4301.txt RFC4301], Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.  * [[http://www.ietf.org/rfc/rfc4301.txt|RFC4301]], Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.
Line 9: Line 9:
 * [http://www.ietf.org/rfc/rfc4302.txt RFC4302], IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.  * [[http://www.ietf.org/rfc/rfc4302.txt|RFC4302]], IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.
Line 11: Line 11:
The Algorithms to use and their requirements are described in [http://www.ietf.org/rfc/rfc4305.txt RFC4305]: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), D. Eastlake 3rd, December 2005, PROPOSED STANDARD. The Algorithms to use and their requirements are described in [[http://www.ietf.org/rfc/rfc4305.txt|RFC4305]]: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.
Line 18: Line 18:
The AH Header described in [http://www.ietf.org/rfc/rfc4302.txt RFC4302] is the following: The AH Header described in [[http://www.ietf.org/rfc/rfc4302.txt|RFC4302]] is the following:
Line 39: Line 39:
The implementation conformance requirements for security algorithms for AH are given below [http://www.ietf.org/rfc/rfc4305.txt RFC4305]. As you would suspect, all of these algorithms are authentication algorithms. The implementation conformance requirements for security algorithms for AH are given below [[http://www.ietf.org/rfc/rfc4305.txt|RFC4305]]. As you would suspect, all of these algorithms are authentication algorithms.

AH (Authentication Header)

The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams and to provide protection against replays. Currently AH is mainly described by the following RFCs:

  • RFC4301, Security Architecture for the Internet Protocol, S. Kent, K. Seo, December 2005, PROPOSED STANDARD.

  • RFC4302, IP Authentication Header, S. Kent, December 2005, PROPOSED STANDARD.

The algorithms to use and their requirements are described in RFC4305: Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH), D. Eastlake 3rd, December 2005, PROPOSED STANDARD.

You may also use other cryptographic algorithms (have a look at IANA for some other examples).

AH Algorithms (RFC 4305)

The AH Header described in RFC4302 is the following:

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Next Header   |  Payload Len  |          RESERVED             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                 Security Parameters Index (SPI)               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Sequence Number Field                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                                                               |
   +                Authentication Data (variable)                 |
   |                                                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

AH Requirements

The implementation conformance requirements for security algorithms for AH, as given in RFC4305, are listed below. As you would expect, all of these algorithms are authentication algorithms.

Requirement    Algorithm (notes)
-----------    ---------
MUST           HMAC-SHA1-96 [RFC2404]
SHOULD+        AES-XCBC-MAC-96 [RFC3566]
MAY            HMAC-MD5-96 [RFC2403] (1)

Note:

(1) Weaknesses have become apparent in MD5; however, these should not
    affect the use of MD5 with HMAC.
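
The header layout and the 96-bit algorithms listed above can be exercised together. The following Python sketch is an added example, not part of the original page or of any dissector: it parses the AH fields and checks an HMAC-SHA1-96 ICV. The names parse_ah, icv_matches and the SAMPLE_* values are hypothetical, and it assumes the caller has already prepared the authenticated bytes as RFC4302 requires.

```python
import hashlib
import hmac
import struct
from typing import NamedTuple

ICV_LEN_96 = 12  # HMAC-SHA1-96, AES-XCBC-MAC-96 and HMAC-MD5-96 all carry a 96-bit ICV


class AHHeader(NamedTuple):
    next_header: int
    payload_len: int
    reserved: int
    spi: int
    sequence: int
    icv: bytes


def parse_ah(buf: bytes) -> AHHeader:
    """Parse one AH header from the start of buf, following the RFC4302 layout."""
    if len(buf) < 12:
        raise ValueError("truncated AH header: fixed part is 12 bytes")
    next_header, payload_len, reserved, spi, seq = struct.unpack("!BBHII", buf[:12])
    # Payload Len counts 32-bit words minus 2 (RFC4302), so total bytes = (n + 2) * 4.
    total = (payload_len + 2) * 4
    if payload_len < 1 or total > len(buf):
        raise ValueError("Payload Len inconsistent with captured bytes")
    return AHHeader(next_header, payload_len, reserved, spi, seq, buf[12:total])


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA1 truncated to the leftmost 96 bits (RFC2404)."""
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN_96]


def icv_matches(hdr: AHHeader, key: bytes, authenticated_bytes: bytes) -> bool:
    """Constant-time ICV check. Assumption: the caller has already built
    authenticated_bytes as RFC4302 requires (mutable IP fields and ICV zeroed)."""
    if len(hdr.icv) != ICV_LEN_96:
        return False
    return hmac.compare_digest(hdr.icv, hmac_sha1_96(key, authenticated_bytes))


# Constructed sample: key, covered bytes and header are made up for this example.
SAMPLE_KEY = b"k" * 20
SAMPLE_COVERED = b"constructed datagram bytes with mutable fields zeroed"
SAMPLE_AH = struct.pack("!BBHII", 6, 4, 0, 0x1000, 1) + hmac_sha1_96(SAMPLE_KEY, SAMPLE_COVERED)
```

With a 96-bit ICV the header is 24 bytes long, so Payload Len is 4, which is the value the constructed sample carries.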

AH (last edited 2008-04-12 17:51:29 by localhost)