Reference document

Org: IETF
Pubnum: RFC 4302
Date: 2005
Version:
Title: IP Authentication Header (AH)

Applicability

The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just "integrity") and to provide protection against replays. This latter, optional service may be selected, by the receiver, when a Security Association (SA) is established. (The protocol default requires the sender to increment the sequence number used for anti-replay, but the service is effective only if the receiver checks the sequence number.) However, to make use of the Extended Sequence Number feature in an interoperable fashion, AH does impose a requirement on SA management protocols to be able to negotiate this new feature.

AH provides authentication for as much of the IP header as possible, as well as for next level protocol data. However, some IP header fields may change in transit and the value of these fields, when the packet arrives at the receiver, may not be predictable by the sender. The values of such fields cannot be protected by AH. Thus, the protection provided to the IP header by AH is piecemeal.

Responsible Party

Name: NCIA/CS

Status

URI: https://www.ietf.org/rfc/rfc4302.txt

History

Flag     Date        RFC   Version
added    1999-01-15        0.1
changed  2000-07-17        0.2
changed  2005-09-23        0.7
changed  2010-10-30        5.0
changed  2017-01-14  9-19  10.0

UUID: ff693d12-6cc1-4633-b76e-fafa0c42adfb