[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
beginner's questions
I just started reading documents about ipsec these days.
Some questions occurred to me today.
Pardon me if these questions are somewhat stupid.
In rfc 1825-1829, it is said
AH is for providing integrity and authentication.
ESP is for providing integrity and confidentiality.
Furthermore,
AH using Keyed MD5 and ESP using DES-CBC transform
are the basic algorithms.
I just wondering,
(1) Keyed MD5 is for "integrity" only,
so how does "AH using Keyed MD5" provide "authentication"??
(2) DES-CBC is for "confidentiality" only,
so how does "ESP using DES-CBC transform" provide "integrity"??
If there're any mistakes of my understanding,
Please correct me.
Thank you in advance.
lky@telstar.netrd.iii.org.tw 7/28
Follow-Ups: