Dismiss
InnovationQ/InnovationQ Plus content will be updated on Sunday, June 25, 10am ET, with new patent and non-patent literature collections. Click here to learn more.
Browse Prior Art Database

IP Authentication Header (RFC2402)

IP.com Disclosure Number: IPCOM000002977D
Original Publication Date: 1998-Nov-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 18 page(s) / 49K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

S. Kent: AUTHOR [+2]

Abstract

The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just "authentication"), and to provide protection against replays. This latter, optional service may be selected, by the receiver, when a Security Association is established. (Although the default calls for the sender to increment the Sequence Number used for anti-replay, the service is effective only if the receiver checks the Sequence Number.) AH provides authentication for as much of the IP header as possible, as well as for upper level protocol data. However, some IP header fields may change in transit and the value of these fields, when the packet arrives at the receiver, may not be predictable by the sender. The values of such fields cannot be protected by AH. Thus the protection provided to the IP header by AH is somewhat piecemeal.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group S. Kent

Request for Comments: 2402 BBN Corp

Obsoletes: 1826 R. Atkinson

Category: Standards Track @Home Network

November 1998

IP Authentication Header

Status of this Memo

This document specifies an Internet standards track protocol for the

Internet community, and requests discussion and suggestions for

improvements. Please refer to the current edition of the "Internet

Official Protocol Standards" (STD 1) for the standardization state

and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1998). All Rights Reserved.

Table of Contents

1. Introduction......................................................2

2. Authentication Header Format......................................3

2.1 Next Header...................................................4

2.2 Payload Length................................................4

2.3 Reserved......................................................4

2.4 Security Parameters Index (SPI)...............................4

2.5 Sequence Number...............................................5

2.6 Authentication Data ..........................................5

3. Authentication Header Processing..................................5

3.1 Authentication Header Location...............................5

3.2 Authentication Algorithms....................................7

3.3 Outbound Packet Processing...................................8

3.3.1 Security Association Lookup.............................8

3.3.2 Sequence Number Generation..............................8

3.3.3 Integrity Check Value Calculation.......................9

3.3.3.1 Handling Mutable Fields............................9

3.3.3.1.1 ICV Computation for IPv4.....................10

3.3.3.1.1.1 Base Header Fields.......................10

3.3.3.1.1.2 Options..................................11

3.3.3.1.2 ICV Computation for IPv6.....................11

3.3.3.1.2.1 Base Header Fields.......................11

3.3.3.1.2.2 Extension Headers Containing Options.....11

3.3.3.1.2.3 Extension Headers Not Containing Options.11

3.3.3.2 Padding...........................................12

3.3.3.2.1 Authentication Data Padding..................12

3.3.3.2.2 Implicit Packet Padding......................12

3.3.4 Fragmentation..........................................12

3.4 Inbound Packet Processing...................................13

3.4.1 Reassembly.............................................13

3.4.2 Security Association L...