PROXY  WHOIS  RQUOTE  TEXTS  SOFT  FOREX  BBOARD
 Music  Philosophy  Code  Literature  Russian

= ROOT|Technical|RFC|rfc2402.txt =

page 1 of 13 









Network Working Group                                            S. Kent
Request for Comments: 2402                                      BBN Corp
Obsoletes: 1826                                              R. Atkinson
Category: Standards Track                                  @Home Network
                                                           November 1998


                        IP Authentication Header

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1998).  All Rights Reserved.

Table of Contents

  1. Introduction......................................................2
  2. Authentication Header Format......................................3
     2.1 Next Header...................................................4
     2.2 Payload Length................................................4
     2.3 Reserved......................................................4
     2.4 Security Parameters Index (SPI)...............................4
     2.5 Sequence Number...............................................5
     2.6 Authentication Data ..........................................5
  3. Authentication Header Processing..................................5
     3.1  Authentication Header Location...............................5
     3.2  Authentication Algorithms....................................7
     3.3  Outbound Packet Processing...................................8
        3.3.1  Security Association Lookup.............................8
        3.3.2  Sequence Number Generation..............................8
        3.3.3  Integrity Check Value Calculation.......................9
           3.3.3.1  Handling Mutable Fields............................9
              3.3.3.1.1  ICV Computation for IPv4.....................10
                 3.3.3.1.1.1 Base Header Fields.......................10
                 3.3.3.1.1.2 Options..................................11
              3.3.3.1.2  ICV Computation for IPv6.....................11
                 3.3.3.1.2.1 Base Header Fields.......................11
                 3.3.3.1.2.2 Extension Headers Containing Options.....11
                 3.3.3.1.2.3 Extension Headers Not Containing Options.11
           3.3.3.2  Padding...........................................12
              3.3.3.2.1  Authentication Data Padding..................12




 
RFC 2402                IP Authentication Header           November 1998


              3.3.3.2.2  Implicit Packet Padding......................12
        3.3.4  Fragmentation..........................................12
     3.4  Inbound Packet Processing...................................13
        3.4.1  Reassembly.............................................13
        3.4.2  Security Association Lookup............................13
        3.4.3  Sequence Number Verification...........................13
        3.4.4  Integrity Check Value Verification.....................15
  4. Auditing.........................................................15
  5. Conformance Requirements.........................................16
  6. Security Considerations..........................................16
  7. Differences from RFC 1826........................................16
  Acknowledgements....................................................17
  Appendix A -- Mutability of IP Options/Extension Headers............18
     A1. IPv4 Options.................................................18
     A2. IPv6 Extension Headers.......................................19
  References..........................................................20
  Disclaimer..........................................................21
  Author Information..................................................22
  Full Copyright Statement............................................22

1.  Introduction

   The IP Authentication Header (AH) is used to provide connectionless
   integrity and data origin authentication for IP datagrams (hereafter
   referred to as just "authentication"), and to provide protection
   against replays.  This latter, optional service may be selected, by
   the receiver, when a Security Association is established. (Although
   the default calls for the sender to increment the Sequence Number
   used for anti-replay, the service is effective only if the receiver
   checks the Sequence Number.)  AH provides authentication for as much
   of the IP header as possible, as well as for upper level protocol
   data.  However, some IP header fields may change in transit and the
   value of these fields, when the packet arrives at the receiver, may
   not be predictable by the sender.  The values of such fields cannot
   be protected by AH.  Thus the protection provided to the IP header by
   AH is somewhat piecemeal.

   AH may be applied alone, in combination with the IP Encapsulating
=1=

= PAGE 1 = NEXT > |2|3|4|5|6|7|8|9|10.13

UP TO ROOT | UP TO DIR

Google
 


E-mail Facebook Google Digg del.icio.us BlinkList Fark Furl Ma.gnolia Netscape NewsVine Reddit Slashdot Spurl StumbleUpon Technorati YahooMyWeb LiveJournal Blogmarks TwitThis Live News2.ru BobrDobr.ru Memori.ru MoeMesto.ru

0.0363619 wallclock secs ( 0.01 usr + 0.00 sys = 0.01 CPU)