Some queries regarding RFC 2401: Authentication Header
Some questions related to RFC 2401, "Authentication Header":
> 1) In section 2.2, Payload Length, it is stated that we can use a "null"
> algorithm, but I read in RFC 2401 that one must provide at least one
> service at one time. It doesn't make sense to provide a null algorithm. For
> what sort of debugging is it used?
>
> 2) In IPv6, do we compute the "Payload Length" in 64-bit words or 32-bit
> words? and do we subtract 2 or 1 in any case for that count?
>
> 3) In case of Sequence Number cycle, do we just drop the packet and report
> an auditable event, or do we create a new SA and key every time it happens,
> or do we do both?
>
> 4) In section 3.3.3.2.1, "Authentication Data padding", it is stated
> that "These padding bytes are included in the Authentication Data
> calculation". Don't we just zero the authentication data field while
> computing the ICV? If not, from what perspective has the above statement
> been made?
>
I shall be grateful if someone clears out the confusion(s).
Afzal Khan