RFC 2085 (rfc2085) - Page 2 of 6


HMAC-MD5 IP Authentication with Replay Prevention



Alternative Format: Original Text Document



RFC 2085                        HMAC-MD5                  February 1997


   To provide protection against replay attacks, a Replay Prevention
   field is included as a transform option.  This field is used to help
   prevent attacks in which a message is stored and re-used later,
   replacing or repeating the original.  The Security Parameters Index
   (SPI) [RFC-1825] is used to determine whether this option is included
   in the AH.

   Familiarity with the following documents is assumed: "Security
   Architecture for the Internet Protocol" [RFC-1825], "IP
   Authentication Header" [RFC-1826], and "HMAC-MD5: Keyed-MD5 for
   Message Authentication" [HMAC-MD5].

   All implementations that claim conformance or compliance with the IP
   Authentication Header specification [RFC-1826] MUST implement this
   HMAC-MD5 transform.

1.1 Terminology

   In  this  document,  the  words  that  are  used  to   define   the
   significance  of each particular requirement are usually capitalized.
   These words are:

   - MUST

   This word or the adjective "REQUIRED" means that  the  item  is  an
   absolute requirement of the specification.

   - SHOULD

   This word or the adjective "RECOMMENDED"  means  that  there  might
   exist  valid reasons in particular circumstances to ignore this item,
   but the full implications should be understood and the case carefully
   weighed before taking a different course.

1.2 Keys

   The "AH Key" is used as a shared secret between two communicating
   parties.  The Key is not a "cryptographic key" as used in a
   traditional sense. Instead, the AH key (shared secret) is hashed with
   the transmitted data and thus, assures that an intervening party
   cannot duplicate the authentication data.

   Even though an AH key is not a cryptographic key, the rudimentary
   concerns of cryptographic keys still apply. Consider that the
   algorithm and most of the data used to produce the output is known.
   The strength of the transform lies in the singular mapping of the key
   (which needs to be strong) and the IP datagram (which is known) to
   the authentication data.  Thus, implementations should, and as



Oehler & Glenn              Standards Track