IP Authentication Header
draft-ietf-ipsec-new-auth-00

Document Type Expired Internet-Draft (ipsec WG)
Authors Stephen Kent  , Randall Atkinson 
Last updated 1997-03-28
Stream IETF
Intended RFC status (None)
Formats
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at
https://www.ietf.org/archive/id/draft-ietf-ipsec-new-auth-00.txt

Abstract

The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just 'authentication'), and to provide protection against replays. This latter, optional service may be selected when a Security Association is established. AH provides authentication for as much of the IP header as possible, as well as for upper level protocol data. However, some IP header fields may change in transit and the value of these fields, when the packet arrives at the receiver, may not be predictable by the transmitter. The values of such fields cannot be protected by AH. Thus the protection provided to the IP header by AH is somewhat piecemeal.

Authors

Stephen Kent (kent@bbn.com)
Randall Atkinson (rja@extremenetworks.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)