RFC 2085 (rfc2085) - Page 2 of 6
HMAC-MD5 IP Authentication with Replay Prevention
RFC 2085 HMAC-MD5 February 1997
To provide protection against replay attacks, a Replay Prevention
field is included as a transform option. This field is used to help
prevent attacks in which a message is stored and re-used later,
replacing or repeating the original. The Security Parameters Index
(SPI) [RFC-1825] is used to determine whether this option is included
in the AH.

Familiarity with the following documents is assumed: "Security
Architecture for the Internet Protocol" [RFC-1825], "IP
Authentication Header" [RFC-1826], and "HMAC-MD5: Keyed-MD5 for
Message Authentication" [HMAC-MD5].

All implementations that claim conformance or compliance with the IP
Authentication Header specification [RFC-1826] MUST implement this
HMAC-MD5 transform.

1.1 Terminology

In this document, the words that are used to define the
significance of each particular requirement are usually capitalized.
These words are:

- MUST

  This word or the adjective "REQUIRED" means that the item is an
  absolute requirement of the specification.

- SHOULD

  This word or the adjective "RECOMMENDED" means that there might
  exist valid reasons in particular circumstances to ignore this item,
  but the full implications should be understood and the case carefully
  weighed before taking a different course.

1.2 Keys

The "AH Key" is used as a shared secret between two communicating
parties. The Key is not a "cryptographic key" as used in a
traditional sense. Instead, the AH key (shared secret) is hashed with
the transmitted data and thus, assures that an intervening party
cannot duplicate the authentication data.
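
An added example, not part of RFC 2085: a receiver that checks an HMAC-MD5 digest keyed with the shared AH key and then applies a replay counter, covering both the Replay Prevention field and the key usage described above. The counter || payload || digest layout, the 64-bit counter width, the strictly increasing check without a reordering window, and the names protect, Receiver and demo are assumptions of this sketch, not the AH wire format.

```python
import hashlib
import hmac
import struct

DIGEST_LEN = 16  # HMAC-MD5 output length in bytes


def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Sender: counter || payload || HMAC-MD5(key, counter || payload)."""
    body = struct.pack("!Q", counter) + payload  # assumed layout, counter first
    return body + hmac.new(key, body, hashlib.md5).digest()


class Receiver:
    """Per-association state: the shared AH key and the highest counter accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = 0

    def accept(self, packet: bytes) -> str:
        if len(packet) < 8 + DIGEST_LEN:
            return "malformed"
        body, tag = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        expected = hmac.new(self.key, body, hashlib.md5).digest()
        # Authenticate first, so a forged counter never advances receiver state.
        if not hmac.compare_digest(tag, expected):
            return "bad-auth"
        (counter,) = struct.unpack("!Q", body[:8])
        # Simplification: strictly increasing counter, no reordering window.
        if counter <= self.highest:
            return "replay"
        self.highest = counter
        return "ok"


def demo() -> list:
    key = bytes(range(16))  # constructed sample key, not a real secret
    rx = Receiver(key)
    first = protect(key, 1, b"constructed datagram A")
    second = protect(key, 2, b"constructed datagram B")
    tampered = second[:10] + bytes([second[10] ^ 1]) + second[11:]  # one bit flipped
    bumped = struct.pack("!Q", 9) + first[8:]  # stored packet, counter rewritten
    forged = protect(b"\x00" * 16, 3, b"sender without the AH key")
    packets = (first, first, tampered, bumped, second, forged)
    return [rx.accept(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

Because the counter is inside the authenticated data, rewriting it on a stored packet fails the digest check instead of bypassing the replay check.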
Even though an AH key is not a cryptographic key, the rudimentary
concerns of cryptographic keys still apply. Consider that the
algorithm and most of the data used to produce the output is known.
The strength of the transform lies in the singular mapping of the key
(which needs to be strong) and the IP datagram (which is known) to
the authentication data. Thus, implementations should, and as
Oehler & Glenn Standards Track