
draft-metzger-ah-00.txt



                    IPv4 Authentication Header (4AH)
                       draft-metzger-ah-00.txt
   The Authentication Header (AH) seeks to provide security by adding
   authentication information to an IP datagram.  The authentication
   information is calculated using all of the fields in the IP datagram
   which do not change in transit.  This includes portions of the IP
   Header, transport headers, and the user data.

This isn't clear about IP options. Clearly some options are not invariant
and some are. Should this be read as including IP options that are invariant
but not those which are not (time stamp)?

Second comment:
	It's probably worth noting with respect to packet filtering firewalls
that most of them will need additional code to understand the extra header.
What is good is that it can be done easily without performing the
authentication, or can be done including the authentication if one side of
the firewall is a 'trusted' net.

Third:
	I'm told Novell now have a patent on packet signing. Does it cover
this area and if so what now?

In the meantime I've started a Linux implementation of the draft. 

Alan

