As far as I can tell, IPsec's ESP has the functionality of authentication and integrity built in:

RFC 2406:

  2.7 Authentication Data

  The Authentication Data is a variable-length field containing an
  Integrity Check Value (ICV) computed over the ESP packet minus the
  Authentication Data. The length of the field is specified by the
  authentication function selected. The Authentication Data field is
  optional, and is included only if the authentication service has
  been selected for the SA in question. The authentication algorithm
  specification MUST specify the length of the ICV and the comparison
  rules and processing steps for validation.

To my knowledge, IPsec implementations use AH for "signing" though. Why do we need AH, or why is it preferred?

Thanks for your clarification!

--
martin; (greetings from the heart of the sun.)

invalid PGP subkeys? use subkeys.pgp.net as keyserver!

XP is NT with eXtra Problems.
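
The ICV computation described in the quoted RFC 2406 section, as an added example that is not part of the original post. It shows that the ICV covers only the ESP packet, so a change to the outer IP header does not affect it. Assumptions: HMAC-SHA-1-96 (RFC 2404) as the authentication algorithm, NULL encryption so the packet layout stays visible, and constructed key, SPI, addresses and payload.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA-1-96 truncates the 20-byte HMAC to 96 bits

def esp_body(spi, seq, payload, next_header):
    """SPI | sequence number | payload | padding | pad length | next header."""
    pad_len = (-(len(payload) + 2)) % 4        # trailer ends on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # default padding bytes 1, 2, 3, ...
    trailer = bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + payload + padding + trailer

def compute_icv(auth_key, body):
    """ICV over the ESP packet minus the Authentication Data field."""
    return hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]

def seal(auth_key, spi, seq, payload, next_header):
    body = esp_body(spi, seq, payload, next_header)
    return body + compute_icv(auth_key, body)  # Authentication Data goes last

def verify(auth_key, esp_packet):
    if len(esp_packet) < 8 + 2 + ICV_LEN:      # header + trailer + ICV minimum
        return False
    body, icv = esp_packet[:-ICV_LEN], esp_packet[-ICV_LEN:]
    # Constant-time comparison avoids leaking how many ICV bytes matched.
    return hmac.compare_digest(compute_icv(auth_key, body), icv)

def receive(auth_key, datagram):
    """Strip the outer IPv4 header (length from IHL), then check the ESP ICV."""
    ihl = (datagram[0] & 0x0F) * 4
    return verify(auth_key, datagram[ihl:])

def flip(data, index):
    """Return a copy of data with one bit changed at the given byte index."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]

# Constructed sample values (not taken from the post).
KEY = bytes(range(20))
OUTER_IP = bytes.fromhex("4500003c00004000403200000a0000010a000002")  # proto 50
PACKET = seal(KEY, 0x1000, 1, b"constructed payload", 6)

if __name__ == "__main__":
    print("intact packet:        ", verify(KEY, PACKET))
    print("payload bit flipped:  ", verify(KEY, flip(PACKET, 9)))
    print("outer src addr changed:", receive(KEY, flip(OUTER_IP, 15) + PACKET))
```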