
data origin authentication



Hello All,

In RFC 2406 "IP Encapsulating Security Payload", and also in
draft-ietf-ipsec-esp-v3-02.txt, I read:

"ESP is used to provide confidentiality, data origin authentication,
connectionless integrity, an anti-replay service (a form of partial
sequence integrity), and limited traffic flow confidentiality. The set of
services provided depends on options selected at the time of Security
Association (SA) establishment and on the location of the implementation
in a network topology."

I have been reading more carefully through the RFC (not through the draft
yet). Is it correct to say that if ESP is used in transport mode, there is
no data origin authentication? I would say this because the IP header,
containing the source IP address, is not authenticated. Or am I missing
something here?


Greetings,

Stefan.
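The scope question raised above can be checked byte by byte. The following is an added example, not code from the RFC, the draft or the poster: it builds ESP packets with NULL encryption (RFC 2410) and HMAC-SHA1-96 (RFC 2404) so that everything runs with the Python standard library, computes the ICV over exactly the fields RFC 2406 section 3.3.2.2 names (SPI, sequence number, payload data, padding, pad length, next header, minus the ICV itself), and then rewrites the source address of the IP header in front of the ESP header. The key, addresses and payload bytes are constructed for the demonstration; the IPv4 header builder is a minimal one written for this example.

```python
import hashlib
import hmac
import ipaddress
import struct

ESP_PROTO = 50   # IP protocol number for ESP
ICV_LEN = 12     # HMAC-SHA1-96 (RFC 2404): 160-bit HMAC truncated to 96 bits
IPIP_PROTO = 4   # next-header value for an encapsulated IPv4 packet (tunnel mode)


def ipv4_checksum(hdr: bytes) -> int:
    """Standard one's-complement checksum over the IPv4 header bytes."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options); constructed for this example."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def esp_encapsulate(spi: int, seq: int, data: bytes, next_header: int, auth_key: bytes) -> bytes:
    """ESP header + payload + trailer + ICV. NULL encryption, so the payload
    is carried in clear; RFC 2406 still requires Pad Length and Next Header
    to end on a 4-byte boundary, padded with the default 1,2,3,... bytes."""
    pad_len = (-(len(data) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))
    body = struct.pack("!II", spi, seq) + data + padding + struct.pack("!BB", pad_len, next_header)
    # The ICV covers the ESP packet minus the Authentication Data field itself.
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv


def esp_verify(esp_bytes: bytes, auth_key: bytes) -> bool:
    """Recompute the ICV over everything in front of it; the IP header is not included."""
    body, icv = esp_bytes[:-ICV_LEN], esp_bytes[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def transport_packet(src, dst, spi, seq, upper, upper_proto, key) -> bytes:
    """Transport mode: IP header | ESP | upper-layer data | trailer | ICV."""
    esp = esp_encapsulate(spi, seq, upper, upper_proto, key)
    return ipv4_header(src, dst, ESP_PROTO, len(esp)) + esp


def tunnel_packet(osrc, odst, isrc, idst, spi, seq, upper, upper_proto, key) -> bytes:
    """Tunnel mode: outer IP header | ESP | inner IP header + data | trailer | ICV."""
    inner = ipv4_header(isrc, idst, upper_proto, len(upper)) + upper
    esp = esp_encapsulate(spi, seq, inner, IPIP_PROTO, key)
    return ipv4_header(osrc, odst, ESP_PROTO, len(esp)) + esp


def rewrite_outer_src(pkt: bytes, new_src: str) -> bytes:
    """Simulate an on-path party (or NAT) replacing the outer source address
    and refreshing the IP header checksum; the ESP bytes are left untouched."""
    hdr = pkt[:10] + b"\x00\x00" + ipaddress.IPv4Address(new_src).packed + pkt[16:20]
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + pkt[20:]


def verify_packet(pkt: bytes, key: bytes) -> bool:
    return esp_verify(pkt[20:], key)


def demo() -> dict:
    key = b"constructed-demo-auth-key"                        # constructed
    payload = b"\x00\x35\x00\x35\x00\x10\x00\x00hello"        # constructed UDP-like bytes
    t = transport_packet("10.0.0.1", "10.0.0.2", 0x100, 1, payload, 17, key)
    tun = tunnel_packet("10.0.0.1", "10.0.0.2", "172.16.0.5", "172.16.1.7",
                        0x200, 1, payload, 17, key)
    # Tamper with the inner (encapsulated) source address in the tunnel packet:
    # outer IP (20) + SPI/seq (8) + offset of src within the inner header (12).
    off = 20 + 8 + 12
    tun_inner_tampered = tun[:off] + ipaddress.IPv4Address("192.0.2.99").packed + tun[off + 4:]
    return {
        "transport_ok": verify_packet(t, key),
        "transport_outer_src_changed": verify_packet(rewrite_outer_src(t, "192.0.2.99"), key),
        "tunnel_outer_src_changed": verify_packet(rewrite_outer_src(tun, "192.0.2.99"), key),
        "tunnel_inner_src_changed": verify_packet(tun_inner_tampered, key),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: ICV {'valid' if ok else 'INVALID'}")
```

Running it shows that changing the source address in the header preceding ESP leaves the ICV valid in both modes, while in tunnel mode the inner IP header sits inside the ESP payload and any change to it fails verification. The caveat a reader should keep in mind when weighing the question above: what a receiver binds a packet to is the SA, which RFC 2401 identifies by SPI, destination address and protocol, and the key negotiated for that SA, not the source address field, which the ICV never covers.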