authentication
... integrity and confidentiality to IP
datagrams. It may also provide authentication, depending on which
algorithm and algorithm ...
... protection from traffic analysis are not provided by ESP. The IP
Authentication Header (AH) might provide non-repudiation if used with
...
... AH) might provide non-repudiation if used with
certain authentication algorithms [Atk95b]. The IP Authentication
Header may be used in conjunction ...
... certain authentication algorithms [Atk95b]. The IP Authentication
Header may be used in conjunction with ESP to provide authentication ...
... IP Authentication
Header may be used in conjunction with ESP to provide authentication.
Users desiring integrity and authentication ...
... authentication.
Users desiring integrity and authentication without confidentiality
should use the IP Authentication Header ...
... authentication without confidentiality
should use the IP Authentication Header (AH) instead of ESP. This
...
...
In the case of IP, an IP Authentication Header may be present as a
header of an unencrypted IP packet ...
... ESP header of a single packet, the unencrypted IPv6
Authentication Header is primarily used to provide protection for the
contents of the unencrypted IP headers and the encrypted ...
... IP headers and the encrypted
Authentication Header is used to provide authentication only for the
encrypted ...
... encrypted
Authentication Header is used to provide authentication only for the
encrypted IP packet ...
...
Encryption and authentication algorithms, and the precise format of
the Opaque Transform Data associated with them are known as
...
... end-to-end
headers (e.g., Authentication Header, if present in cleartext) and
immediately precedes a tunnelled IP datagram.
...
... end-to-end headers
(e.g., Authentication Header) and immediately precedes a transport-
layer ...
... Authentication ...
...
Some transforms provide authentication as well as confidentiality and
integrity. When such a transform is not used, then the
Authentication Header ...
... authentication as well as confidentiality and
integrity. When such a transform is not used, then the
Authentication Header might be used in conjunction with the
Encapsulating Security Payload ...
... Encapsulating Security Payload. There are two different approaches
to using the Authentication Header with ESP, depending on which data
is to be authenticated ...
... Authentication Header with ESP, depending on which data
is to be authenticated. The location of the Authentication Header
makes it clear which set of data is being authenticated ...
... ESP, depending on which data
is to be authenticated. The location of the Authentication Header
makes it clear which set of data is being authenticated.
...
... authenticated. The location of the Authentication Header
makes it clear which set of data is being authenticated.
In the first usage, the entire received datagram ...
...
In the first usage, the entire received datagram is authenticated,
including both the encrypted and unencrypted portions, while only the
...
... ESP header and its now
encrypted data. Finally, the IP Authentication Header is calculated
over the resulting datagram according to the normal method ...
... receiver first verifies the authenticity of the entire
datagram using the normal IP Authentication Header process. Then if
authentication succeeds, decryption ...
... datagram using the normal IP Authentication Header process. Then if
authentication succeeds, decryption using the normal IP ESP ...
... upper layer.
If the authentication process were to be applied only to the data
protected by Tunnel-mode ESP ...
... protected by Tunnel-mode ESP, then the IP Authentication Header would
be placed normally within that protected datagram. However, if one
...
... were using Transport-mode ESP, then the IP Authentication Header
would be placed before the ESP header and would be calculated across
...
... recorded in the system log or audit log using the procedures
described previously. It is not necessarily an error for an
Authentication Header located outside of the ESP header to have a
different security ...
... paste attack described by Bellovin and should not be used unless the
Authentication Header is always present with packets using that ESP
transform [Bel95].
...
... Atkinson, R., "IP Authentication Header", RFC 1826(-> 2402(-> 4305(-> 4835prop) | 4302prop)), NRL, August 1995. ...
