[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Isis-wg] Re: Deprecation of AH header from the IPSEC tool kit
Paul,
The following text is from 2402:
<fontfamily><param>Courier_New</param><bigger>3.2 Authentication
Algorithms
The authentication algorithm employed for the ICV computation is
specified by the SA. For point-to-point communication, suitable
authentication algorithms include keyed Message Authentication
Codes
(MACs) based on symmetric encryption algorithms (e.g., DES) or on
one-way hash functions (e.g., MD5 or SHA-1).
</bigger></fontfamily><bigger><fontfamily><param>Times</param><bigger>For
multicast
communication, one-way hash algorithms combined with asymmetric
signature algorithms are appropriate, though performance and space
considerations currently preclude use of such algorithms.
</bigger></fontfamily></bigger>So, there is explicit mention of the
potential use of digital signatures with AH.
Steve
References: