Re[2]: draft-ietf-ipsec-ah-md5-00.txt
The group agreed at the San Jose meeting to use the same 128-bit secret at the
front and back of the data payload.
Paul
_______________________________________________________________________________
Subject: Re: draft-ietf-ipsec-ah-md5-00.txt
Author: housley@spyrus.com@INTERNET
Date: 1/16/95 2:32 PM
Encoding: 1231 Text
The draft says:
2. Calculation
The 128-bit digest is calculated as described in [RFC-1321]. The
specification of MD5 includes a portable 'C' programming language
description of the MD5 algorithm.
The "b-bit message" shall consist of the 128-bit secret
authentication key concatenated with (followed by) the entire IP
datagram. All IP headers and payloads that are present MUST be
included in the computation, with header fields whose value varies in
transit (such as Hop Count) being assumed to contain zeros for the
purpose of the authentication calculation. Also, the Authentication
Data field of the Authentication Header is considered to contain all
zeros.
Ron Rivest has stated that a shared secret at the front of a message is not
sufficient for authentication. I thought that I remembered this being
discussed at the San Jose IETF. Further, I thought that we agreed that we
would solve this weakness by putting the shared secret before and after the
data payload.
Does anyone else remember this? I seem to remember the discussion causing
a tangent about "prepend" not being a word.
Russ
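
The calculation discussed in this thread, as an added example that is not part of the original messages or the draft: it computes the digest with the key in front only (the quoted draft text) and with the same key front and back (the form Paul says the group agreed on), zeroing the hop count and the Authentication Data field first. The datagram layout, the key and all function names are assumptions made for illustration, not the real IP/AH wire format.

```python
import hashlib
import hmac

KEY = bytes(range(16))  # constructed 128-bit secret, for illustration only

# Assumed toy layout (not the real IP/AH wire format):
# byte 0 = hop count (varies in transit), bytes 1-16 = Authentication Data,
# bytes 17.. = payload.
HOP = slice(0, 1)
AUTH = slice(1, 17)


def canonical(datagram: bytes) -> bytes:
    """Zero the mutable hop count and the Authentication Data field."""
    buf = bytearray(datagram)
    buf[HOP] = bytes(1)
    buf[AUTH] = bytes(16)
    return bytes(buf)


def digest_prefix(key: bytes, datagram: bytes) -> bytes:
    """Quoted draft text: MD5(key || datagram)."""
    return hashlib.md5(key + canonical(datagram)).digest()


def digest_envelope(key: bytes, datagram: bytes) -> bytes:
    """Key at front and back: MD5(key || datagram || key)."""
    return hashlib.md5(key + canonical(datagram) + key).digest()


def seal(key: bytes, hop: int, payload: bytes) -> bytes:
    """Sender: build the datagram and fill in Authentication Data."""
    blank = bytes([hop]) + bytes(16) + payload
    return bytes([hop]) + digest_envelope(key, blank) + payload


def verify(key: bytes, datagram: bytes) -> bool:
    """Receiver: recompute over the zeroed form, compare in constant time."""
    return hmac.compare_digest(datagram[AUTH], digest_envelope(key, datagram))


def demo():
    sent = seal(KEY, 64, b"constructed payload")
    forwarded = bytes([sent[0] - 1]) + sent[1:]  # a router decrements hop count
    altered = sent[:-1] + bytes([sent[-1] ^ 1])  # payload changed in transit
    return verify(KEY, sent), verify(KEY, forwarded), verify(KEY, altered)
```

`demo()` shows that a datagram whose hop count was decremented still verifies, because that field is treated as zero, while a changed payload byte does not.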