draft-metzger-ah-00.txt

Alan Cox <iialan@iifeak.swan.ac.uk> Thu, 02 February 1995 18:29 UTC

Date: Thu, 02 Feb 1995 18:19:00 +0000
From: Alan Cox <iialan@iifeak.swan.ac.uk>
To: ipsec@ans.net
Subject: draft-metzger-ah-00.txt

                    IPv4 Authentication Header (4AH)
                       draft-metzger-ah-00.txt
   The Authentication Header (AH) seeks to provide security by adding
   authentication information to an IP datagram.  The authentication
   information is calculated using all of the fields in the IP datagram
   which do not change in transit.  This includes portions of the IP
   Header, transport headers, and the user data.

This isn't clear about IP options. Clearly some options are not invariant
and some are. Should this be read as including IP options that are invariant
but not those which are not (time stamp)?

Second comment:
	It's probably worth noting with respect to packet filtering firewalls
that most of them will need additional code to understand the extra header.
What is good is that it can be done easily without performing the
authentication, or can be done including the authentication if one side of
the firewall is a 'trusted' net.

Third:
	I'm told Novell now have a patent on packet signing. Does it cover
this area and if so what now?

In the meantime I've started a Linux implementation of the draft. 

Alan
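
An added example, not part of the original message or of the draft, showing how an implementation can blank the parts of an IPv4 header that change in transit before the authentication data is computed. It assumes the option classification later published in RFC 2402 Appendix A, which draft-metzger-ah-00 as quoted above does not give; the function names are hypothetical and unknown option types are treated as invariant.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Options rewritten by routers (assumed list, from RFC 2402 Appendix A). */
static int opt_is_mutable(uint8_t type)
{
    switch (type) {
    case 7:   /* record route        */
    case 68:  /* time stamp          */
    case 82:  /* traceroute          */
    case 131: /* loose source route  */
    case 137: /* strict source route */
        return 1;
    default:  /* security, router alert, unknown types: kept as sent */
        return 0;
    }
}

/* Copy the IPv4 header from pkt into out (at least 60 bytes) and zero every
 * field that may change in transit, giving the header bytes the authenticator
 * is computed over. Returns the header length, or -1 if it is malformed. */
int ah_mask_ipv4_header(const uint8_t *pkt, size_t len, uint8_t *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return -1;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;
    if (hlen < 20 || hlen > len)
        return -1;
    memcpy(out, pkt, hlen);
    out[1] = 0;              /* type of service          */
    out[6] = out[7] = 0;     /* flags + fragment offset  */
    out[8] = 0;              /* time to live             */
    out[10] = out[11] = 0;   /* header checksum          */
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = out[i];
        if (type == 0) break;               /* end of option list  */
        if (type == 1) { i++; continue; }   /* one-byte no-op      */
        if (i + 1 >= hlen) return -1;       /* length byte missing */
        size_t olen = out[i + 1];
        if (olen < 2 || i + olen > hlen) return -1;
        if (opt_is_mutable(type))
            memset(out + i, 0, olen);       /* zero the whole option */
        i += olen;
    }
    return (int)hlen;
}
```

Sender and receiver run the same masking, so a time stamp option filled in along the path does not invalidate the authentication data, while an invariant option that is altered does.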