[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

I-D ACTION:draft-ietf-ipsec-auth-header-04.txt

To: IETF-Announce@tis.com
Subject: I-D ACTION:draft-ietf-ipsec-auth-header-04.txt
From: Internet-Drafts@ns.ietf.org
Date: Mon, 16 Feb 1998 09:04:39 -0500
Cc: ipsec@tis.com
Reply-to: Internet-Drafts@ns.ietf.org
Sender: owner-ipsec@ex.tis.com

--NextPart

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the IP Security Protocol Working Group of the IETF.

	Title		: IP Authentication Header
	Author(s)	: S. Kent, R. Atkinson
	Filename	: draft-ietf-ipsec-auth-header-04.txt
	Pages		: 23
	Date		: 13-Feb-98
	
The IP Authentication Header (AH) is used to provide connectionless
   integrity and data origin authentication for IP datagrams (hereafter
   referred to as just ''authentication''), and to provide protection
   against replays.  This latter, optional service may be selected, by
   the receiver, when a Security Association is established. (Although
   the default calls for the sender to increment the Sequence Number
   used for anti-replay, the service is effective only if the receiver
   checks the Sequence Number.)  AH provides authentication for as much
   of the IP header as possible, as well as for upper level protocol
   data.  However, some IP header fields may change in transit and the
   value of these fields, when the packet arrives at the receiver, may
   not be predictable by the sender.  The values of such fields cannot
   be protected by AH.  Thus the protection provided to the IP header by
   AH is somewhat piecemeal.
 
   AH may be applied alone, in combination with the IP Encapsulating
   Security Payload (ESP) [KA97b], or in a nested fashion through the
   use of tunnel mode (see ''Security Architecture for the Internet
   Protocol'' [KA97a], hereafter referred to as the Security Architecture
   document).  Security services can be provided between a pair of
   communicating hosts, between a pair of communicating security
   gateways, or between a security gateway and a host.  ESP may be used
   to provide the same security services, and it also provides a
   confidentiality (encryption) service.  The primary difference between
   the authentication provided by ESP and AH is the extent of the
   coverage.  Specifically, ESP does not protect any IP header fields
   unless those fields are encapsulated by ESP (tunnel mode).  For more
   details on how to use AH and ESP in various network environments, see
   the Security Architecture document [KA97a].

Internet-Drafts are available by anonymous FTP.  Login with the username
"anonymous" and a password of your e-mail address.  After logging in,
type "cd internet-drafts" and then
	"get draft-ietf-ipsec-auth-header-04.txt".
A URL for the Internet-Draft is:
ftp://ftp.ietf.org/internet-drafts/draft-ietf-ipsec-auth-header-04.txt

Internet-Drafts directories are located at:

	Africa:	ftp.is.co.za
	
	Europe: ftp.nordu.net
		ftp.nis.garr.it
			
	Pacific Rim: munnari.oz.au
	
	US East Coast: ds.internic.net
	
	US West Coast: ftp.isi.edu

Internet-Drafts are also available by mail.

Send a message to:	mailserv@ds.internic.net.  In the body type:
	"FILE /internet-drafts/draft-ietf-ipsec-auth-header-04.txt".
	
NOTE:	The mail server at ds.internic.net can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.

--NextPart
Content-Type: Multipart/Alternative; Boundary="OtherAccess"

--OtherAccess
Content-Type: Message/External-body;
	access-type="mail-server";
	server="mailserv@ds.internic.net"

Content-Type: text/plain
Content-ID:	<19980213162516.I-D@ietf.org>

ENCODING mime
FILE /internet-drafts/draft-ietf-ipsec-auth-header-04.txt

--OtherAccess
Content-Type: Message/External-body;
	name="draft-ietf-ipsec-auth-header-04.txt";
	site="ftp.ietf.org";
	access-type="anon-ftp";
	directory="internet-drafts"

Content-Type: text/plain
Content-ID:	<19980213162516.I-D@ietf.org>

--OtherAccess--

--NextPart--





--
John Kelley					johnk@tis.com
Director, Systems Administration
Trusted Information Systems, Inc.  (A NASDAQ company: "TISX")
http://www.tis.com

Prev by Date: I-D ACTION:draft-ietf-ipsec-auth-header-04.txt
Next by Date: I-D ACTION:draft-ietf-ipsec-esp-v2-03.txt
Prev by thread: I-D ACTION:draft-ietf-ipsec-auth-header-04.txt
Next by thread: I-D ACTION:draft-ietf-ipsec-esp-v2-03.txt
Index(es):
- Main
- Thread