data origin authentication
Goeman Stefan <Stefan.Goeman@siemens.atea.be> Tue, 07 May 2002 15:10 UTC
Message-ID: <E76F715C0429D5118F2100508BB9EDEE036FE96B@hrtades7.atea.be>
From: Goeman Stefan <Stefan.Goeman@siemens.atea.be>
To: "'ipsec@lists.tislabs.com'" <ipsec@lists.tislabs.com>
Subject: data origin authentication
Date: Tue, 07 May 2002 16:29:53 +0200
Hello All,

In RFC 2406 "IP Encapsulating Security Payload", and also in draft-ietf-ipsec-esp-v3-02.txt, I read:

"ESP is used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and limited traffic flow confidentiality. The set of services provided depends on options selected at the time of Security Association (SA) establishment and on the location of the implementation in a network topology."

I have been reading more carefully through the RFC (not through the draft yet). Is it correct to say that if ESP is used in transport mode, there is no data origin authentication? I would say this because the IP header, containing the source IP address, is not authenticated. Or am I missing something here?

Greetings,
Stefan.
- data origin authentication Goeman Stefan
- Re: data origin authentication Henry Spencer
- Re: data origin authentication Joern Sierwald
- Re: data origin authentication Bill Sommerfeld
- RE: data origin authentication Goeman Stefan
- Re: data origin authentication Michael Richardson
- Re: data origin authentication Michael Richardson
- RE: data origin authentication Henry Spencer
- RE: data origin authentication Christina Helbig
- RE: data origin authentication Goeman Stefan
- RE: data origin authentication Joern Sierwald
- RE: data origin authentication Christina Helbig
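
The observation in the message above, that the ESP integrity check in transport mode does not extend to the IP header, can be seen in a small model. This is an added example, not part of the original post or of any IPsec implementation; it assumes NULL encryption and HMAC-SHA-1-96 (RFC 2404) as the authentication algorithm, and the key, SPI, addresses and payload are constructed.

```python
import hashlib
import hmac
import socket
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 truncates the MAC to 96 bits


def ipv4_header(src, dst, payload_len, proto=50):
    """Minimal 20-byte IPv4 header, protocol 50 = ESP (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def esp_build(key, spi, seq, payload, next_header=6):
    """ESP, NULL encryption: SPI | Seq | payload | pad | pad len | NH | ICV."""
    pad_len = (-(len(payload) + 2)) % 4        # align trailer to 4 bytes
    pad = bytes(range(1, pad_len + 1))         # default padding 1, 2, 3, ...
    body = (struct.pack("!II", spi, seq) + payload + pad
            + bytes([pad_len, next_header]))
    # The ICV is computed over the ESP packet minus the ICV field itself.
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]


def esp_verify(key, ip_packet):
    """Receiver-side ICV check: the IP header is skipped, never hashed."""
    ihl = (ip_packet[0] & 0x0F) * 4
    esp = ip_packet[ihl:]
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    return hmac.compare_digest(icv, expected)


def demo():
    key = b"constructed-sa-key"                # constructed SA key
    esp = esp_build(key, 0x1000, 1, b"constructed transport payload")
    original = ipv4_header("192.0.2.1", "198.51.100.7", len(esp)) + esp
    # Same ESP bytes behind a different source address.
    readdressed = ipv4_header("203.0.113.9", "198.51.100.7", len(esp)) + esp
    tampered = bytearray(original)
    tampered[30] ^= 0x01                       # flip one bit of the payload
    return (esp_verify(key, original),
            esp_verify(key, readdressed),
            esp_verify(key, bytes(tampered)),
            esp_verify(b"another-key", original))


if __name__ == "__main__":
    print(demo())
```

In this model the ICV check passes for both source addresses and fails when the payload is changed or the verifier holds a different key.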