
Re: data origin authentication



On Tue, 7 May 2002, Goeman Stefan wrote:
> ...Is it correct to say
> that if ESP is used in transport mode, there is no data origin
> authentication? I would say this because
> the IP header, containing the source IP address is not authenticated.

Not really correct.  Yes, the header may be tampered with... but the
origin of the *data* (the packet contents) is still certain, because only
someone knowing the authentication key can generate a packet which will
pass authentication. 

The header is just the means by which the data is conveyed to the
destination.  Usually, one cares about authenticating the contents, not
the header. 

                                                          Henry Spencer
                                                       henry@spsystems.net
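The point made above, as an added illustration that is not part of the thread: in ESP transport mode the integrity check value (ICV) covers the ESP header (SPI, sequence number) and the payload, but not the outer IP header, so a rewritten source address still verifies while any change to the payload, or a packet built without the key, does not. The packet layout is deliberately simplified, the key is a constructed sample, and the 16-byte truncation is an assumption for the demo rather than a particular RFC algorithm.

```python
import hmac
import hashlib
import struct

# Constructed sample key for the demo only; a real SA derives it via IKE.
KEY = b"constructed-demo-key-not-for-real-use"
OTHER_KEY = b"constructed-key-of-someone-without-the-SA"


def esp_icv(spi: int, seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """ICV over the fields ESP authenticates in transport mode: SPI,
    sequence number and the payload. The IP header is deliberately absent.
    HMAC-SHA256 truncated to 16 bytes (truncation length is an assumption)."""
    authenticated = struct.pack("!II", spi, seq) + payload
    return hmac.new(key, authenticated, hashlib.sha256).digest()[:16]


def build_packet(src: str, dst: str, spi: int, seq: int,
                 payload: bytes, key: bytes = KEY) -> dict:
    """Simplified packet: the outer IP header is just (src, dst) because the
    ICV never covers it; only SPI, seq and payload feed into the ICV."""
    return {"src": src, "dst": dst, "spi": spi, "seq": seq,
            "payload": payload, "icv": esp_icv(spi, seq, payload, key)}


def verify(pkt: dict, key: bytes = KEY) -> bool:
    """Receiver-side check: recompute the ICV with the SA key and compare
    in constant time. Source address plays no role in the decision."""
    expected = esp_icv(pkt["spi"], pkt["seq"], pkt["payload"], key)
    return hmac.compare_digest(expected, pkt["icv"])


def demo() -> tuple:
    """Returns (genuine, header_rewritten, payload_changed, no_key)."""
    pkt = build_packet("10.0.0.1", "10.0.0.2", 0x1000, 1, b"hello")
    # Header tampered in transit: ICV unaffected, data origin still certain.
    spoofed_header = dict(pkt, src="192.0.2.99")
    # Payload tampered: ICV no longer matches.
    changed_payload = dict(pkt, payload=b"HELLO")
    # Built by someone without the SA key: cannot produce a valid ICV.
    forged = build_packet("10.0.0.1", "10.0.0.2", 0x1000, 1, b"hello",
                          key=OTHER_KEY)
    return (verify(pkt), verify(spoofed_header),
            verify(changed_payload), verify(forged))


if __name__ == "__main__":
    print(demo())  # (True, True, False, False)
```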