[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I-D ACTION:draft-ietf-ipsec-auth-header-04.txt
--NextPart
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Protocol Working Group of the IETF.
Title : IP Authentication Header
Author(s) : S. Kent, R. Atkinson
Filename : draft-ietf-ipsec-auth-header-04.txt
Pages : 23
Date : 13-Feb-98
The IP Authentication Header (AH) is used to provide connectionless
integrity and data origin authentication for IP datagrams (hereafter
referred to as just ''authentication''), and to provide protection
against replays. This latter, optional service may be selected, by
the receiver, when a Security Association is established. (Although
the default calls for the sender to increment the Sequence Number
used for anti-replay, the service is effective only if the receiver
checks the Sequence Number.) AH provides authentication for as much
of the IP header as possible, as well as for upper level protocol
data. However, some IP header fields may change in transit and the
value of these fields, when the packet arrives at the receiver, may
not be predictable by the sender. The values of such fields cannot
be protected by AH. Thus the protection provided to the IP header by
AH is somewhat piecemeal.
AH may be applied alone, in combination with the IP Encapsulating
Security Payload (ESP) [KA97b], or in a nested fashion through the
use of tunnel mode (see ''Security Architecture for the Internet
Protocol'' [KA97a], hereafter referred to as the Security Architecture
document). Security services can be provided between a pair of
communicating hosts, between a pair of communicating security
gateways, or between a security gateway and a host. ESP may be used
to provide the same security services, and it also provides a
confidentiality (encryption) service. The primary difference between
the authentication provided by ESP and AH is the extent of the
coverage. Specifically, ESP does not protect any IP header fields
unless those fields are encapsulated by ESP (tunnel mode). For more
details on how to use AH and ESP in various network environments, see
the Security Architecture document [KA97a].
Internet-Drafts are available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
"get draft-ietf-ipsec-auth-header-04.txt".
A URL for the Internet-Draft is:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-auth-header-04.txt
Internet-Drafts directories are located at:
Africa: ftp.is.co.za
Europe: ftp.nordu.net
ftp.nis.garr.it
Pacific Rim: munnari.oz.au
US East Coast: ds.internic.net
US West Coast: ftp.isi.edu
Internet-Drafts are also available by mail.
Send a message to: mailserv@ds.internic.net. In the body type:
"FILE /internet-drafts/draft-ietf-ipsec-auth-header-04.txt".
NOTE: The mail server at ds.internic.net can return the document in
MIME-encoded form by using the "mpack" utility. To use this
feature, insert the command "ENCODING mime" before the "FILE"
command. To decode the response(s), you will need "munpack" or
a MIME-compliant mail reader. Different MIME-compliant mail readers
exhibit different behavior, especially when dealing with
"multipart" MIME messages (i.e. documents which have been split
up into multiple messages), so check your local documentation on
how to manipulate these messages.
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"
--OtherAccess
Content-Type: Message/External-body;
access-type="mail-server";
server="mailserv@ds.internic.net"
Content-Type: text/plain
Content-ID: <19980213162516.I-D@ietf.org>
ENCODING mime
FILE /internet-drafts/draft-ietf-ipsec-auth-header-04.txt
--OtherAccess
Content-Type: Message/External-body;
name="draft-ietf-ipsec-auth-header-04.txt";
site="ftp.ietf.org";
access-type="anon-ftp";
directory="internet-drafts"
Content-Type: text/plain
Content-ID: <19980213162516.I-D@ietf.org>
--OtherAccess--
--NextPart--
--
John Kelley johnk@tis.com
Director, Systems Administration
Trusted Information Systems, Inc. (A NASDAQ company: "TISX")
http://www.tis.com