| < draft-ietf-ipsec-ah-md5-02.txt | draft-ietf-ipsec-ah-md5-03.txt > | |||
|---|---|---|---|---|
| Network Working Group P Metzger | Network Working Group P Metzger | |||
| Internet Draft W A Simpson | Internet Draft W A Simpson | |||
| expires in six months March 1995 | expires in six months April 1995 | |||
| IP Authentication using Keyed MD5 | IP Authentication using Keyed MD5 | |||
| draft-ietf-ipsec-ah-md5-02.txt | | draft-ietf-ipsec-ah-md5-03.txt | | |||
| Status of this Memo | Status of this Memo | |||
| This document is a submission to the IP Security Working Group of the | This document is a submission to the IP Security Working Group of the | |||
| Internet Engineering Task Force (IETF). Comments should be submitted | Internet Engineering Task Force (IETF). Comments should be submitted | |||
| to the ipsec@ans.net mailing list. | to the ipsec@ans.net mailing list. | |||
| Distribution of this memo is unlimited. | Distribution of this memo is unlimited. | |||
| This document is an Internet-Draft. Internet Drafts are working | This document is an Internet-Draft. Internet Drafts are working | |||
| skipping to change at page 1, line 56 ¶ | skipping to change at page 1, line 56 ¶ | |||
| The Authentication Header (AH) [A-AH] provides integrity and | The Authentication Header (AH) [A-AH] provides integrity and | |||
| authentication for IP datagrams. | authentication for IP datagrams. | |||
| This specification describes the AH use of Message Digest 5 (MD5) | This specification describes the AH use of Message Digest 5 (MD5) | |||
| [RFC-1321]. | [RFC-1321]. | |||
| All implementations that claim conformance or compliance with the | All implementations that claim conformance or compliance with the | |||
| Authentication Header specification MUST implement this MD5 | Authentication Header specification MUST implement this MD5 | |||
| mechanism. | mechanism. | |||
| Implementors should consult the most recent version of the IAB | Implementors should consult the most recent version of the IAB | | |||
| Standards [RFC-1610] for further guidance on the status of this | Standards [RFC-1720] for further guidance on the status of this | |||
| document. | document. | |||
| This document assumes that the reader is familiar with the related | This document assumes that the reader is familiar with the related | |||
| document "Security Architecture for the Internet Protocol" [A-SA], | document "Security Architecture for the Internet Protocol" [A-SA], | |||
| which defines the overall security plan for IP, and provides | which defines the overall security plan for IP, and provides | |||
| important background for this specification. | important background for this specification. | |||
| 1.1. Keys | 1.1. Keys | |||
| The secret authentication key shared between the communicating | The secret authentication key shared between the communicating | |||
| skipping to change at page 2, line 11 ¶ | skipping to change at page 2, line 11 ¶ | |||
| alternative authentication algorithms that have significantly | alternative authentication algorithms that have significantly | |||
| faster throughput, are not patent-encumbered, and still retain | faster throughput, are not patent-encumbered, and still retain | |||
| adequate cryptographic strength. | adequate cryptographic strength. | |||
| 2. Calculation | 2. Calculation | |||
| The 128-bit digest is calculated as described in [RFC-1321]. The | The 128-bit digest is calculated as described in [RFC-1321]. The | |||
| specification of MD5 includes a portable 'C' programming language | specification of MD5 includes a portable 'C' programming language | |||
| description of the MD5 algorithm. | description of the MD5 algorithm. | |||
| The invariant fields of the entire IP datagram are hashed first. The | The variable length secret authentication key is zero-filled to the | | |||
| variable length secret authentication key is concatenated with | next 128-bit boundary, concatenated with (immediately followed by) | | |||
| (immediately followed by) this initial 128-bit digest, and the | the invariant fields of the entire IP datagram, concatenated with | | |||
| combination is hashed again. This final 128-bit digest is inserted | (immediately followed by) the variable length secret authentication | | |||
| into the Authentication Data field. | key again (trailing padding is added by the MD5 algorithm). The | | |||
| resulting 128-bit digest is inserted into the Authentication Data | | ||||
| field. | ||||
| The MD5 algorithm requires a particular format of padding after the * | Care must be taken that the keys and padding are not sent over the | | |||
| end of the authenticated data. This padding is not sent over the | link. | |||
| link. * | ||||
| Security Considerations | Security Considerations | |||
| Users need to understand that the quality of the security provided by | Users need to understand that the quality of the security provided by | |||
| this specification depends completely on the strength of the MD5 hash | this specification depends completely on the strength of the MD5 hash | |||
| function, the correctness of that algorithm's implementation, the | function, the correctness of that algorithm's implementation, the | |||
| security of the key management mechanism and its implementation, the | security of the key management mechanism and its implementation, the | |||
| strength of the key [CN94], and upon the correctness of the | strength of the key [CN94], and upon the correctness of the | |||
| implementations in all of the participating nodes. | implementations in all of the participating nodes. | |||
| skipping to change at page 3, line 13 ¶ | skipping to change at page 3, line 13 ¶ | |||
| move in the near future to algorithms with longer hash lengths. | move in the near future to algorithms with longer hash lengths. | |||
| Acknowledgements | Acknowledgements | |||
| Some of the text of this specification was derived from work by | Some of the text of this specification was derived from work by | |||
| Randall Atkinson for the SIP, SIPP, and IPv6 Working Groups. | Randall Atkinson for the SIP, SIPP, and IPv6 Working Groups. | |||
| The basic concept and use of MD5 is derived in large part from the | The basic concept and use of MD5 is derived in large part from the | |||
| work done for SNMPv2 [RFC-1446]. | work done for SNMPv2 [RFC-1446]. | |||
| Burt Kaliski suggested the two step keyed-MD5 technique. | Steve Bellovin, Steve Deering, Frank Kastenholz, Charles Lynn, and * | |||
| Steve Bellovin, Steve Deering, Frank Kastenholz, Charles Lynn, and | ||||
| Dave Mihelcic provided useful critiques of earlier versions of this | Dave Mihelcic provided useful critiques of earlier versions of this | |||
| draft. | draft. | |||
| References | References | |||
| [A-SA] Randall Atkinson, "Security Architecture for the Internet | [A-SA] Randall Atkinson, "Security Architecture for the Internet | |||
| Protocol", work in progress. | Protocol", work in progress. | |||
| [A-AH] Randall Atkinson, "IP Authentication Header", work in | [A-AH] Randall Atkinson, "IP Authentication Header", work in | |||
| progress. | progress. | |||
| skipping to change at page 3, line 43 ¶ | skipping to change at page 3, line 41 ¶ | |||
| 253-280, July 1994. | 253-280, July 1994. | |||
| [RFC-1321] | [RFC-1321] | |||
| Ronald Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, | Ronald Rivest, "The MD5 Message-Digest Algorithm", RFC-1321, | |||
| DDN Network Information Center, April 1992. | DDN Network Information Center, April 1992. | |||
| [RFC-1446] | [RFC-1446] | |||
| Galvin, J., and McCloghrie, K., "Security Protocols for | Galvin, J., and McCloghrie, K., "Security Protocols for | |||
| Version 2 of the Simple Network Management Protocol | Version 2 of the Simple Network Management Protocol | |||
| (SNMPv2)", RFC-1446, DDN Network Information Center, April | (SNMPv2)", RFC-1446, DDN Network Information Center, April | |||
| 1993. | 1993. * | |||
| [RFC-1610] | ||||
| Postel, J., "Internet Official Protocol Standards", STD 1, | ||||
| RFC 1610, USC/Information Sciences Institute, July 1994. | ||||
| [RFC-1700] | [RFC-1700] | |||
| Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC | Reynolds, J., and Postel, J., "Assigned Numbers", STD 2, RFC | |||
| 1700, USC/Information Sciences Institute, October 1994. | 1700, USC/Information Sciences Institute, October 1994. | | |||
| [RFC-1720] | | ||||
| Postel, J., "Internet Official Protocol Standards", STD 1, | | ||||
| RFC 1720, USC/Information Sciences Institute, November 1994. | ||||
| [OW94] Paul C. van Oorschot & Michael J. Wiener, "Parallel | [OW94] Paul C. van Oorschot & Michael J. Wiener, "Parallel | |||
| Collision Search with Application to Hash Functions and | Collision Search with Application to Hash Functions and | |||
| Discrete Logarithms", Proceedings of the 2nd ACM Conf. | Discrete Logarithms", Proceedings of the 2nd ACM Conf. | |||
| Computer and Communications Security, Fairfax, VA, Nov 3-5 | Computer and Communications Security, Fairfax, VA, Nov 3-5 | |||
| 1994. | 1994. | |||
| [Schneier94] | [Schneier94] | |||
| Schneier, B., "Applied Cryptography", John Wiley & Sons, New | Schneier, B., "Applied Cryptography", John Wiley & Sons, New | |||
| York, NY, 1994. ISBN 0-471-59756-2 | York, NY, 1994. ISBN 0-471-59756-2 | |||
| skipping to change at line 221 ¶ | skipping to change at line 220 ¶ | |||
| 1. Introduction .......................................... 1 | 1. Introduction .......................................... 1 | |||
| 1.1 Keys ............................................ 1 | 1.1 Keys ............................................ 1 | |||
| 1.2 Data Size ....................................... 1 | 1.2 Data Size ....................................... 1 | |||
| 1.3 Performance ..................................... 1 | 1.3 Performance ..................................... 1 | |||
| 2. Calculation ........................................... 2 | 2. Calculation ........................................... 2 | |||
| SECURITY CONSIDERATIONS ...................................... 2 | SECURITY CONSIDERATIONS ...................................... 2 | |||
| ACKNOWLEDGEMENTS ............................................. 2 | ACKNOWLEDGEMENTS ............................................. 3 | |||
| REFERENCES ................................................... 3 | REFERENCES ................................................... 3 | |||
| AUTHOR'S ADDRESS ............................................. 4 | AUTHOR'S ADDRESS ............................................. 4 | |||
| End of changes. 9 change blocks. | ||||
| 22 lines changed or deleted | 21 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||
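
Review bot: In the rewritten first paragraph of section 2 (Calculation), "zero-filled to the next 128-bit boundary" does not say what happens when the key length is already a multiple of 128 bits. One implementation could add no fill and another a full 128 bits of zeros, and the two would compute different digests for the same datagram, so the text should state that case explicitly. The same paragraph fills only the leading copy of the key, while the trailing copy is described as followed just by the padding the MD5 algorithm adds. It would help to say outright that the second copy is appended without zero fill, since an implementation that reuses the filled key buffer in both positions would hash different input. The replacement sentence "Care must be taken that the keys and padding are not sent over the link" also drops the -02 explanation of which padding is meant; consider naming both the zero fill of the key and the MD5 trailing padding there.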