RFC 2085 (rfc2085) - Page 1 of 6
Network Working Group                                          M. Oehler
Request for Comments: 2085                                           NSA
Category: Standards Track                                       R. Glenn
                                                                    NIST
                                                           February 1997
HMAC-MD5 IP Authentication with Replay Prevention
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Abstract
This document describes a keyed-MD5 transform to be used in
conjunction with the IP Authentication Header [RFC-1826]. The
particular transform is based on [HMAC-MD5]. An option is also
specified to guard against replay attacks.
Table of Contents
1. Introduction...................................................1
1.1 Terminology.................................................2
1.2 Keys........................................................2
1.3 Data Size...................................................3
2. Packet Format..................................................3
2.1 Replay Prevention...........................................4
2.2 Authentication Data Calculation.............................4
3. Security Considerations........................................5
Acknowledgments....................................................5
References.........................................................6
Authors' Addresses.................................................6
1. Introduction
The Authentication Header (AH) [RFC-1826] provides integrity and
authentication for IP datagrams. The transform specified in this
document uses a keyed-MD5 mechanism [HMAC-MD5]. The mechanism uses
the (key-less) MD5 hash function [RFC-1321] which produces a message
digest. When combined with an AH Key, authentication data is
produced. This value is placed in the Authentication Data field of
the AH [RFC-1826]. This value is also the basis for the data
integrity service offered by the AH protocol.
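As an added illustration of the keyed-MD5 mechanism described above (example code written for this page, not part of the RFC or any reference implementation): the [HMAC-MD5] construction built from the bare MD5 primitive, with a receiver-side check that compares the authentication data in constant time. SAMPLE_KEY and SAMPLE_DATA are constructed inputs taken from the first RFC 2104 test vector; the bytes a real AH would cover are the packet with its Authentication Data field zeroed.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # MD5 block size in bytes (B in RFC 2104)


def hmac_md5(key: bytes, data: bytes) -> bytes:
    """HMAC-MD5 per the RFC 2104 construction:
    MD5((K ^ opad) || MD5((K ^ ipad) || data))."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.md5(key).digest()        # keys longer than a block are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")       # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.md5(ipad + data).digest()
    return hashlib.md5(opad + inner).digest()  # 128-bit value for the Authentication Data field


def reference_hmac_md5(key: bytes, data: bytes) -> bytes:
    """Same computation via the standard library, used to cross-check hmac_md5."""
    return hmac.new(key, data, hashlib.md5).digest()


def auth_data_matches(key: bytes, covered_bytes: bytes, received: bytes) -> bool:
    """Receiver side: recompute over the covered bytes (Authentication Data
    field already zeroed) and compare in constant time, so a failed check
    does not leak how many leading bytes of the MAC were correct."""
    return hmac.compare_digest(hmac_md5(key, covered_bytes), received)


# Constructed sample: RFC 2104 test case 1 (16-byte key of 0x0b, data "Hi There").
SAMPLE_KEY = b"\x0b" * 16
SAMPLE_DATA = b"Hi There"

if __name__ == "__main__":
    tag = hmac_md5(SAMPLE_KEY, SAMPLE_DATA)
    print(tag.hex())                                       # 9294727a3638bb1c13f48ef8158bfc9d
    print(auth_data_matches(SAMPLE_KEY, SAMPLE_DATA, tag))  # True
    print(auth_data_matches(SAMPLE_KEY, b"Hi Where", tag))  # False: one changed byte
```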
Oehler & Glenn Standards Track