
Some queries regarding RFC 2401: Authentication Header



	Some questions related to RFC 2401, "Authentication Header":

> 1) In section 2.2, Payload Length, it is stated that we can use a "null"
> algorithm, but I read in RFC 2401 that one must provide at least one
> service at one time. It doesn't make sense to provide a null algorithm. For
> what sort of debugging is it used?
> 
> 2) In IPv6, do we compute the "Payload Length" in 64-bit words or 32-bit
> words? And do we subtract 2 or 1 in any case for that count?
> 
> 3) In case of a Sequence Number cycle, do we just drop the packet and report
> an auditable event, or do we create a new SA and Key every time it happens,
> or do we do both?
> 
> 4) In section 3.3.3.2.1, "Authentication Data padding", it is stated
> that "These padding bytes are included in the Authentication Data
> calculation". Don't we just zero the Authentication Data field while
> computing the ICV? If not, in what perspective has the above statement
> been made?
> 
> 
> 
	I shall be grateful if someone clears up the confusion(s).

	Afzal Khan