You are here: Home > Terminology Reference > IP Authentication Header (AH)

IP Authentication Header (AH)

A header that provides integrity and IP authentication without confidentiality to IP datagrams. The lack of confidentiality (which would require encryption) ensures that implementations of the Authentication Header will be widely available on the Internet, even in locations where the export, import, or use of encryption to provide confidentiality is regulated. The Authentication Header supports security between two or more hosts implementing AH, between two or more security gateways implementing AH, and between a host or gateway implementing AH and a set of hosts or gateways. For optimal security the Authentication Header should be used from origin to final destination rather than being implemented only in security gateways. All IPv6 hosts must implement the IP Authentication Header. IPv4 systems that claim to implement the Authentication Header must implement the IP Authentication Header. When implemented the IP Authentication Header must use MD5 with a 128-bit key or a stronger hash function. An implementation may support other authentication algorithms in addition to keyed MD5. (See integrity, confidentiality, encryption, IPv6, key, and hash function in the hard copy dictionary.)