Message Authentication Code

• The authentication data field is calculated over:

  • IP header fields that either do not change in transit (immutable) or that are predictable in value upon arrival at the endpoint for the AH SA
  • The AH header other than the Authentication Data field
  • The entire upper-level protocol data, which is assumed to be immutable in transit (for instance, a TCP segment or an inner IP packet in tunnel mode)

Previous slide

Next slide

Back to first slide

View graphic version