
Re: draft-ietf-ipsec-ah-md5-00.txt





The draft says:

   2.  Calculation

   The 128-bit digest is calculated as described in [RFC-1321].  The 
   specification of MD5 includes a portable 'C' programming language 
   description of the MD5 algorithm.

   The "b-bit message" shall consist of the 128-bit secret 
   authentication key concatenated with (followed by) the entire IP 
   datagram.  All IP headers and payloads that are present MUST be 
   included in the computation, with header fields whose value varies in 
   transit (such as Hop Count) being assumed to contain zeros for the 
   purpose of the authentication calculation.  Also, the Authentication 
   Data field of the Authentication Header is considered to contain all 
   zeros.

Ron Rivest has stated that a shared secret at the front of a message is not 
sufficient for authentication.  I thought that I remembered this being 
discussed at the San Jose IETF.  Further, I thought that we agreed that we 
would solve this weakness by putting the shared secret before and after the 
data payload.

Does anyone else remember this?  I seem to remember the discussion causing 
a tangent about "prepend" not being a word.

Russ
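
Added example, not part of the message above or of the draft: the draft's calculation (key followed by the datagram) beside the key-before-and-after form the message recalls, computed over a constructed IPv4 + AH datagram. The byte offsets, the choice of TTL and header checksum as the zeroed in-transit fields, and all function names are assumptions made for this sample.

```python
import hashlib
import hmac

# Constructed sample: 20-byte IPv4 header (protocol 51 = AH), 8 fixed AH bytes
# plus a 16-byte Authentication Data field, then an 8-byte payload.
IP_HDR = bytes.fromhex("4500003400010000403300000a0000010a000002")
AH_HDR = bytes.fromhex("0604000000000100") + bytes(16)
DATAGRAM = IP_HDR + AH_HDR + b"testdata"

AUTH_OFF, AUTH_LEN = 28, 16  # Authentication Data position in this sample
# Assumed for this sample: fields treated as zero during the calculation
# (TTL at offset 8, header checksum at offset 10, Authentication Data).
ZEROED = [(8, 1), (10, 2), (AUTH_OFF, AUTH_LEN)]


def canonical(datagram):
    """Copy of the datagram with in-transit fields and auth data zeroed."""
    buf = bytearray(datagram)
    for off, n in ZEROED:
        buf[off:off + n] = bytes(n)
    return bytes(buf)


def check_key(key):
    if len(key) != 16:
        raise ValueError("the draft specifies a 128-bit key")


def prefix_digest(key, datagram):
    """Draft section 2 as quoted: MD5(key || datagram)."""
    check_key(key)
    return hashlib.md5(key + canonical(datagram)).digest()


def envelope_digest(key, datagram):
    """Form recalled in the message: MD5(key || datagram || key)."""
    check_key(key)
    return hashlib.md5(key + canonical(datagram) + key).digest()


def seal(key, datagram, digest_fn):
    """Sender side: place the digest in the Authentication Data field."""
    digest = digest_fn(key, datagram)
    return datagram[:AUTH_OFF] + digest + datagram[AUTH_OFF + AUTH_LEN:]


def verify(key, datagram, digest_fn):
    """Receiver side: recompute and compare in constant time."""
    received = datagram[AUTH_OFF:AUTH_OFF + AUTH_LEN]
    return hmac.compare_digest(received, digest_fn(key, datagram))
```
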
























