draft-ietf-ipsec-ah-md5-02.txt   draft-ietf-ipsec-ah-md5-03.txt 
Network Working Group P Metzger Network Working Group P Metzger
Internet Draft W A Simpson Internet Draft W A Simpson
expires in six months March 1995 expires in six months April 1995
IP Authentication using Keyed MD5 IP Authentication using Keyed MD5
draft-ietf-ipsec-ah-md5-02.txt | draft-ietf-ipsec-ah-md5-03.txt |
Status of this Memo Status of this Memo
This document is a submission to the IP Security Working Group of the This document is a submission to the IP Security Working Group of the
Internet Engineering Task Force (IETF). Comments should be submitted Internet Engineering Task Force (IETF). Comments should be submitted
to the ipsec@ans.net mailing list. to the ipsec@ans.net mailing list.
Distribution of this memo is unlimited. Distribution of this memo is unlimited.
This document is an Internet-Draft. Internet Drafts are working This document is an Internet-Draft. Internet Drafts are working
skipping to change at page 1, line 56 skipping to change at page 1, line 56
The Authentication Header (AH) [A-AH] provides integrity and The Authentication Header (AH) [A-AH] provides integrity and
authentication for IP datagrams. authentication for IP datagrams.
This specification describes the AH use of Message Digest 5 (MD5) This specification describes the AH use of Message Digest 5 (MD5)
[RFC-1321]. [RFC-1321].
All implementations that claim conformance or compliance with the All implementations that claim conformance or compliance with the
Authentication Header specification MUST implement this MD5 Authentication Header specification MUST implement this MD5
mechanism. mechanism.
Implementors should consult the most recent version of the IAB Implementors should consult the most recent version of the IAB |
Standards [RFC-1610] for further guidance on the status of this Standards [RFC-1720] for further guidance on the status of this
document. document.
This document assumes that the reader is familiar with the related This document assumes that the reader is familiar with the related
document "Security Architecture for the Internet Protocol" [A-SA], document "Security Architecture for the Internet Protocol" [A-SA],
which defines the overall security plan for IP, and provides which defines the overall security plan for IP, and provides
important background for this specification. important background for this specification.
1.1. Keys 1.1. Keys
The secret authentication key shared between the communicating The secret authentication key shared between the communicating
skipping to change at page 2, line 11 skipping to change at page 2, line 11
alternative authentication algorithms that have significantly alternative authentication algorithms that have significantly
faster throughput, are not patent-encumbered, and still retain faster throughput, are not patent-encumbered, and still retain
adequate cryptographic strength. adequate cryptographic strength.
2. Calculation 2. Calculation
The 128-bit digest is calculated as described in [RFC-1321]. The The 128-bit digest is calculated as described in [RFC-1321]. The
specification of MD5 includes a portable 'C' programming language specification of MD5 includes a portable 'C' programming language
description of the MD5 algorithm. description of the MD5 algorithm.
The invariant fields of the entire IP datagram are hashed first. The The variable length secret authentication key is zero-filled to the |
variable length secret authentication key is concatenated with next 128-bit boundary, concatenated with (immediately followed by) |
(immediately followed by) this initial 128-bit digest, and the the invariant fields of the entire IP datagram, concatenated with |
combination is hashed again. This final 128-bit digest is inserted (immediately followed by) the variable length secret authentication |
into the Authentication Data field. key again (trailing padding is added by the MD5 algorithm). The |
resulting 128-bit digest is inserted into the Authentication Data |
field.
The MD5 algorithm requires a particular format of padding after the * Care must be taken that the keys and padding are not sent over the |
end of the authenticated data. This padding is not sent over the link.
link. *
Security Considerations Security Considerations
Users need to understand that the quality of the security provided by Users need to understand that the quality of the security provided by
this specification depends completely on the strength of the MD5 hash this specification depends completely on the strength of the MD5 hash
function, the correctness of that algorithm's implementation, the function, the correctness of that algorithm's implementation, the
security of the key management mechanism and its implementation, the security of the key management mechanism and its implementation, the
strength of the key [CN94], and upon the correctness of the strength of the key [CN94], and upon the correctness of the
implementations in all of the participating nodes. implementations in all of the participating nodes.
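Review bot: In section 2 (Calculation), "zero-filled to the next 128-bit boundary" does not say what happens when the key length is already a multiple of 128 bits, and it pads only the leading copy of the key while the trailing copy is used unpadded. Two implementations that read "next" differently (no fill versus a full 128 bits of zeros) will compute different digests for the same datagram and reject each other's packets, so the text should state the aligned case explicitly and say in so many words that the trailing key is appended without zero fill. The -03 digest is also not compatible with the -02 two-pass calculation (hash the datagram, then hash the key followed by that digest), so a short note that the two revisions do not interoperate would help anyone who implemented -02.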
skipping to change at page 3, line 13 skipping to change at page 3, line 13
move in the near future to algorithms with longer hash lengths. move in the near future to algorithms with longer hash lengths.
Acknowledgements Acknowledgements
Some of the text of this specification was derived from work by Some of the text of this specification was derived from work by
Randall Atkinson for the SIP, SIPP, and IPv6 Working Groups. Randall Atkinson for the SIP, SIPP, and IPv6 Working Groups.
The basic concept and use of MD5 is derived in large part from the The basic concept and use of MD5 is derived in large part from the
work done for SNMPv2 [RFC-1446]. work done for SNMPv2 [RFC-1446].
Burt Kaliski suggested the two step keyed-MD5 technique. Steve Bellovin, Steve Deering, Frank Kastenholz, Charles Lynn, and *
Steve Bellovin, Steve Deering, Frank Kastenholz, Charles Lynn, and
Dave Mihelcic provided useful critiques of earlier versions of this Dave Mihelcic provided useful critiques of earlier versions of this
draft. draft.
References References
[A-SA] Randall Atkinson, "Security Architecture for the Internet [A-SA] Randall Atkinson, "Security Architecture for the Internet
Protocol", work in progress. Protocol", work in progress.
[A-AH] Randall Atkinson, "IP Authentication Header", work in [A-AH] Randall Atkinson, "IP Authentication Header", work in
progress. progress.
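Review bot: In Acknowledgements, the credit to Burt Kaliski for the two step keyed-MD5 technique is removed, which matches the removal of that technique from section 2, but the replacement key, datagram, key calculation is left without any attribution or rationale. Suggest adding a sentence that says where the new construction comes from or why the two-step form was dropped, so readers comparing revisions can follow the design decision.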
skipping to change at page 3, line 43 skipping to change at page 3, line 41
253-280, July 1994. 253-280, July 1994.
[RFC-1321] [RFC-1321]
Ronald Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, Ronald Rivest, "The MD5 Message-Digest Algorithm", RFC-1321,
DDN Network Information Center, April 1992. DDN Network Information Center, April 1992.
[RFC-1446] [RFC-1446]
Galvin, J., and McCloghrie, K., "Security Protocols for Galvin, J., and McCloghrie, K., "Security Protocols for
Version 2 of the Simple Network Management Protocol Version 2 of the Simple Network Management Protocol
(SNMPv2)", RFC-1446, DDN Network Information Center, April (SNMPv2)", RFC-1446, DDN Network Information Center, April
1993. 1993. *
[RFC-1610]
Postel, J., "Internet Official Protocol Standards", STD 1,
RFC 1610, USC/Information Sciences Institute, July 1994.
[RFC-1700] [RFC-1700]
Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC
1700, USC/Information Sciences Institute, October 1994. 1700, USC/Information Sciences Institute, October 1994. |
[RFC-1720] |
Postel, J., "Internet Official Protocol Standards", STD 1, |
RFC 1720, USC/Information Sciences Institute, November 1994.
[OW94] Paul C. van Oorschot & Michael J. Wiener, "Parallel [OW94] Paul C. van Oorschot & Michael J. Wiener, "Parallel
Collision Search with Application to Hash Functions and Collision Search with Application to Hash Functions and
Discrete Logarithms", Proceedings of the 2nd ACM Conf. Discrete Logarithms", Proceedings of the 2nd ACM Conf.
Computer and Communications Security, Fairfax, VA, Nov 3-5 Computer and Communications Security, Fairfax, VA, Nov 3-5
1994. 1994.
[Schneier94] [Schneier94]
Schneier, B., "Applied Cryptography", John Wiley & Sons, New Schneier, B., "Applied Cryptography", John Wiley & Sons, New
York, NY, 1994. ISBN 0-471-59756-2 York, NY, 1994. ISBN 0-471-59756-2
skipping to change at line 221 skipping to change at line 220
1. Introduction .......................................... 1 1. Introduction .......................................... 1
1.1 Keys ............................................ 1 1.1 Keys ............................................ 1
1.2 Data Size ....................................... 1 1.2 Data Size ....................................... 1
1.3 Performance ..................................... 1 1.3 Performance ..................................... 1
2. Calculation ........................................... 2 2. Calculation ........................................... 2
SECURITY CONSIDERATIONS ...................................... 2 SECURITY CONSIDERATIONS ...................................... 2
ACKNOWLEDGEMENTS ............................................. 2 ACKNOWLEDGEMENTS ............................................. 3
REFERENCES ................................................... 3 REFERENCES ................................................... 3
AUTHOR'S ADDRESS ............................................. 4 AUTHOR'S ADDRESS ............................................. 4
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/