Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit

[Stephen Kent <kent@bbn.com>]

Paul,  


The following text is from 2402:


<fontfamily><param>Courier_New</param><bigger>3.2  Authentication
Algorithms


   The authentication algorithm employed for the ICV computation is

   specified by the SA.  For point-to-point communication, suitable

   authentication algorithms include keyed Message Authentication
Codes

   (MACs) based on symmetric encryption algorithms (e.g., DES) or on

   one-way hash functions (e.g., MD5 or SHA-1). 
</bigger></fontfamily><bigger><fontfamily><param>Times</param><bigger>For
multicast

   communication, one-way hash algorithms combined with asymmetric

   signature algorithms are appropriate, though performance and space

   considerations currently preclude use of such algorithms.  


</bigger></fontfamily></bigger>So, there is explicit mention of the
potential use of digital signatures with AH.


Steve

---

References:

• Re: Deprecation of AH header from the IPSEC tool kit
• From: Radia Perlman <Radia.Perlman@East.Sun.COM>
• Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• From: RJ Atkinson <rja@inet.org>
• Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• From: Paul Koning <pkoning@xedia.com>

---

• Prev by Date: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• Next by Date: Next Bakeoff (fwd)
• Prev by thread: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• Next by thread: Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
• Index(es):
  • Main
  • Thread