Virtual private networks, Part 1
5. IPSec: AH protocol structure
  


Calculating the AD


The AD is calculated with the algorithm selected at SA initialization. The AD length is an integral multiple of 32 bits.

In theory, any MAC algorithm can be used to calculate the AD. The specification requires support for HMAC-MD5-96 and HMAC-SHA-1-96. In practice, Keyed SHA-1 is also used. Implementations usually support two to four algorithms.

When doing the AD calculation, the mutable fields are considered to be filled with zeros. Replacing each field's value with zero, rather than omitting the field, preserves alignment for the authentication calculation.
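The following sketch is an added example, not code from the tutorial. It computes an HMAC-SHA-1-96 AD over a constructed IPv4 + AH packet with the mutable fields zeroed in place, then checks that a TTL change in transit still verifies while a payload change does not. The function names, key, addresses and SPI are made up for illustration; the list of mutable IPv4 fields (TOS, flags, fragment offset, TTL, header checksum) and the zeroing of the AD field itself follow RFC 2402 and assume a header without options.

```python
import hashlib
import hmac
import struct

IP_LEN = 20     # IPv4 header without options (assumption)
AH_FIXED = 12   # next header, payload length, reserved, SPI, sequence number
AD_LEN = 12     # 96 bits, an integral multiple of 32 bits
AD_OFF = IP_LEN + AH_FIXED

def build_packet(ttl, payload, spi=0x1000, seq=1):
    """Constructed IPv4 header + AH (AD still zero) + payload."""
    total = IP_LEN + AH_FIXED + AD_LEN + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0x1234, 0, ttl, 51, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    # AH payload length field = AH length in 32-bit words, minus 2
    ah = struct.pack("!BBHII", 6, (AH_FIXED + AD_LEN) // 4 - 2, 0, spi, seq)
    return bytearray(ip + ah + bytes(AD_LEN) + payload)

def compute_ad(packet, key):
    """MAC over a copy with mutable fields and the AD zeroed, not omitted."""
    buf = bytearray(packet)
    buf[1] = 0                                  # type of service
    buf[6:8] = b"\x00\x00"                      # flags + fragment offset
    buf[8] = 0                                  # TTL
    buf[10:12] = b"\x00\x00"                    # header checksum
    buf[AD_OFF:AD_OFF + AD_LEN] = bytes(AD_LEN) # the AD field itself
    return hmac.new(key, bytes(buf), hashlib.sha1).digest()[:AD_LEN]

def sign(packet, key):
    packet[AD_OFF:AD_OFF + AD_LEN] = compute_ad(packet, key)
    return packet

def verify(packet, key):
    received = bytes(packet[AD_OFF:AD_OFF + AD_LEN])
    return hmac.compare_digest(received, compute_ad(packet, key))

def demo():
    key = b"constructed SA key!!"               # 20-byte sample key
    pkt = sign(build_packet(64, b"hello"), key)
    routed = bytearray(pkt)
    routed[8] -= 3                              # routers decrement the TTL
    routed[10:12] = b"\xab\xcd"                 # and rewrite the checksum
    tampered = bytearray(pkt)
    tampered[-1] ^= 0x01                        # one payload bit flipped
    return verify(pkt, key), verify(routed, key), verify(tampered, key)

if __name__ == "__main__":
    print(demo())
```

Because the zeroed fields keep their positions, every later field sits at the same offset on the sender and the receiver, which is the alignment point made above.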

The selection of the appropriate SA for an outgoing IP packet is based at least upon the sending userid and the destination address. When host-oriented keying is in use, all sending userids will share the same SA to a given destination.

