RIP Comms Data conundrum: is dig.sig. address or content?

Ian BROWN I.Brown at cs.ucl.ac.uk
Thu, 16 Mar 2000 13:19:45 +0000


>I think that in the IPsec suite of protocols, the authentication data is 
>added to the packet "on the outside". The names of the protocols involved 
>are Authentication Header (AH) and Encapsulation Security Payload (ESP)

AH puts a signature as a header in an IP packet. ESP encrypts and can also 
authenticate data.

Both can operate in transport or tunnel mode. Transport means AH just puts a 
signature header into the packet being authenticated, and ESP just encrypts 
the "content" part of the packet. Tunnel means the whole packet to be 
authenticated/encrypted is signed and/or encrypted, then enclosed as the body 
of another packet.

So:

* AH signatures are always exposed, unless the packet containing them is 
tunnelled inside an ESP packet.

* ESP signatures should never be exposed (as others have said, the data should 
be signed, then sig+data encrypted).

* Data that is encrypted using ESP (in either mode) then signed using AH will 
expose the signature.

A firewall, for example, might *require* that any packets passing through it 
are signed as part of a Security Association to which it is party.
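As an added illustration (not part of this post, and not any IPsec implementation), a small Python model of the layering described above: toy IP headers, AH as a cleartext header carrying an HMAC over what it protects, and ESP modelled the way the post describes it (sign, then encrypt sig+data). All keys, address labels, markers and the hash-derived keystream that stands in for a real cipher are constructed for the example; `observe()` reports what a keyless observer on the path can read.

```python
import hashlib
import hmac

# Constructed demo keys, one per Security Association (not real SA material).
AH_KEY = b"ah-sa-key"
ESP_KEY = b"esp-sa-key"

def ip(src: str, dst: str) -> bytes:
    """Toy IP header: marker + 4-byte source label + 4-byte destination label."""
    return b"IP" + src.encode().ljust(4) + dst.encode().ljust(4)

def icv(key: bytes, data: bytes) -> bytes:
    """Integrity check value: HMAC-SHA256 truncated to 12 bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()[:12]

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """Hash-derived keystream XOR; a stand-in for ESP's cipher, not real crypto."""
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def ah(inner: bytes, also_covered: bytes = b"") -> bytes:
    """AH header in front of `inner`, ICV over also_covered + inner.
    Transport mode passes the cleartext IP header as also_covered;
    tunnel mode passes the whole inner packet as `inner`."""
    return b"AH" + icv(AH_KEY, also_covered + inner) + inner

def esp(inner: bytes) -> bytes:
    """ESP as the post describes it: sign inner, then encrypt sig + inner."""
    return b"ESP" + toy_encrypt(ESP_KEY, icv(ESP_KEY, inner) + inner)

def observe(wire: bytes) -> dict:
    """Parse from the outside in what an observer without keys can read:
    cleartext addresses and AH ICVs, stopping at the first ESP layer
    (ciphertext) or at plain payload."""
    addrs, icvs, pos = [], [], 0
    while pos < len(wire):
        if wire.startswith(b"IP", pos):
            src = wire[pos + 2:pos + 6].strip().decode()
            dst = wire[pos + 6:pos + 10].strip().decode()
            addrs.append((src, dst))
            pos += 10
        elif wire.startswith(b"AH", pos):
            icvs.append(wire[pos + 2:pos + 14].hex())
            pos += 14
        else:
            break  # ESP ciphertext or payload: nothing further is readable
    return {"addresses": addrs, "exposed_icvs": icvs}
```

Composing `ip("A","B") + ah(data, also_covered=ip("A","B"))` gives AH transport mode (address and ICV both visible); wrapping that whole packet as `ip("G1","G2") + esp(inner)` gives an ESP tunnel between gateways, and `observe()` then sees only the outer addresses and no ICV.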