
RE: IPSEC WORKING GROUP LAST CALL



I have a concern with AH+ESP in transport mode. 
Based on the requirements of ESP, ESP must negotiate
an integrity check mechanism. The MD5-HMAC or SHA-1 HMAC
MUST be supported for ESP. Similarly, the same integrity
algorithms are used by AH. 

Therefore, it looks like I have to compute authentication data
twice using possibly the same algorithm over mostly the same data.
Something tells me that in this combination, I should be able
to negotiate a NULL authentication algorithm for ESP.

I do understand that DES-CBC values can be used for authentication
data in ESP but then what happens when we are not using DES?

Any comments?

Baiju
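
An added illustration of the overlap raised in the message above; it is not part of the original post. It assumes the AH and ESP header layouts of RFC 2402 and RFC 2406 with 96-bit truncated HMAC ICVs, and the SPIs, keys, addresses and payload bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-MD5-96 / HMAC-SHA-1-96 keep the first 96 bits


def icv(key, data, digest=hashlib.md5):
    return hmac.new(key, data, digest).digest()[:ICV_LEN]


def esp_build(spi, seq, enc_payload, key):
    """Return (ESP packet, bytes fed to the ESP ICV)."""
    # ESP ICV covers SPI, sequence number and the encrypted payload + trailer.
    covered = struct.pack("!II", spi, seq) + enc_payload
    return covered + icv(key, covered), covered


def ah_build(ip_hdr, spi, seq, esp_pkt, key):
    """Return (AH header, bytes fed to the AH ICV) for AH followed by ESP."""
    ip = bytearray(ip_hdr)
    ip[1] = 0            # mutable IPv4 fields are zeroed: TOS
    ip[6:8] = b"\0\0"    # flags + fragment offset
    ip[8] = 0            # TTL
    ip[10:12] = b"\0\0"  # header checksum
    # next header 50 = ESP; payload length 4 = (24 bytes / 4) - 2
    fixed = struct.pack("!BBHII", 50, 4, 0, spi, seq)
    # AH ICV covers IP header, AH header with ICV zeroed, and the whole ESP packet.
    covered = bytes(ip) + fixed + bytes(ICV_LEN) + esp_pkt
    return fixed + icv(key, covered), covered


def double_auth_cost(enc_len=72):
    """Bytes hashed for each ICV, and how many are hashed by both."""
    total = 20 + 24 + 8 + enc_len + ICV_LEN
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0, 64, 51, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    enc = bytes(i % 256 for i in range(enc_len))  # stand-in for IV + ciphertext
    esp_pkt, esp_in = esp_build(0x1001, 1, enc, b"k" * 16)   # constructed key
    _, ah_in = ah_build(ip_hdr, 0x2001, 1, esp_pkt, b"a" * 16)
    twice = len(esp_in) if esp_in in ah_in else 0
    return {"esp_hashed": len(esp_in), "ah_hashed": len(ah_in),
            "hashed_twice": twice, "ah_only": len(ah_in) - twice}


if __name__ == "__main__":
    for n in (72, 1400):
        print(n, double_auth_cost(n))
```

The bytes covered only by AH are the IP header, the AH header and the ESP ICV itself, so the doubly hashed share grows with payload size.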



