
Re[2]: draft-ietf-ipsec-ah-md5-00.txt




The group agreed at the San Jose meeting to use the same 128-bit secret at the 
front and back of the data payload.

Paul
_______________________________________________________________________________
Subject: Re: draft-ietf-ipsec-ah-md5-00.txt
Author:  housley@spyrus.com@INTERNET
Date:    1/16/95  2:32 PM




The draft says:

   2.  Calculation

   The 128-bit digest is calculated as described in [RFC-1321].  The
   specification of MD5 includes a portable 'C' programming language
   description of the MD5 algorithm.

   The "b-bit message" shall consist of the 128-bit secret
   authentication key concatenated with (followed by) the entire IP
   datagram.  All IP headers and payloads that are present MUST be
   included in the computation, with header fields whose value varies in
   transit (such as Hop Count) being assumed to contain zeros for the
   purpose of the authentication calculation.  Also, the Authentication
   Data field of the Authentication Header is considered to contain all
   zeros.

Ron Rivest has stated that a shared secret at the front of a message is not
sufficient for authentication.  I thought that I remembered this being
discussed at the San Jose IETF.  Further, I thought that we agreed that we
would solve this weakness by putting the shared secret before and after the
data payload.

Does anyone else remember this?  I seem to remember the discussion causing
a tangent about "prepend" not being a word.

Russ
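
The two calculations discussed in this thread, side by side, as an added example that is not part of either message or of the draft: the draft's secret-then-datagram digest and the secret-before-and-after form, both computed with the transit-variable field and the Authentication Data field zeroed. The Authentication Data offset, the header bytes and the key are constructed assumptions for illustration, not values from the draft.

```python
import hashlib
import hmac

HOP_LIMIT_OFF = 7    # Hop Limit byte of the 40-byte IPv6 fixed header
AUTH_DATA_OFF = 48   # assumed layout: IPv6 header + 8-byte AH fixed part
DIGEST_LEN = 16      # MD5 output is 128 bits


def canonical(datagram: bytes) -> bytes:
    """Zero the field that varies in transit and the Authentication Data."""
    buf = bytearray(datagram)
    buf[HOP_LIMIT_OFF] = 0
    buf[AUTH_DATA_OFF:AUTH_DATA_OFF + DIGEST_LEN] = bytes(DIGEST_LEN)
    return bytes(buf)


def digest_prefix(key: bytes, datagram: bytes) -> bytes:
    """Text of the draft: MD5(secret || datagram)."""
    return hashlib.md5(key + canonical(datagram)).digest()


def digest_envelope(key: bytes, datagram: bytes) -> bytes:
    """Secret at the front and back: MD5(secret || datagram || secret)."""
    return hashlib.md5(key + canonical(datagram) + key).digest()


def seal(key: bytes, datagram: bytes, digest=digest_envelope) -> bytes:
    """Sender side: write the digest into the Authentication Data field."""
    buf = bytearray(datagram)
    buf[AUTH_DATA_OFF:AUTH_DATA_OFF + DIGEST_LEN] = digest(key, datagram)
    return bytes(buf)


def verify(key: bytes, datagram: bytes, digest=digest_envelope) -> bool:
    """Receiver side: recompute over the zeroed copy, compare in constant time."""
    received = datagram[AUTH_DATA_OFF:AUTH_DATA_OFF + DIGEST_LEN]
    return hmac.compare_digest(received, digest(key, datagram))


def demo():
    key = bytes(range(16))                                    # constructed secret
    ipv6 = bytes([0x60, 0, 0, 0, 0, 32, 51, 64]) + bytes(32)  # constructed header
    ah = bytes([17, 4, 0, 0, 0, 0, 1, 0]) + bytes(DIGEST_LEN) # constructed AH
    pkt = bytearray(seal(key, ipv6 + ah + b"payload!"))
    ok_sent = verify(key, bytes(pkt))
    pkt[HOP_LIMIT_OFF] -= 1        # a router decrements the hop field
    ok_forwarded = verify(key, bytes(pkt))
    pkt[-1] ^= 1                   # payload altered in transit
    return ok_sent, ok_forwarded, verify(key, bytes(pkt))
```

`demo()` returns the verification result for the datagram as sent, after a hop decrement, and after a payload change.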

