The Use of RSA Signatures within ESP and AH

Document Type Replaced Internet-Draft (individual)
Author Brian Weis 
Last updated 2010-04-08 (latest revision 2003-08-07)
Replaced by RFC 4359
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-msec-ipsec-signatures
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo describes the use of the RSA Signature algorithm [RSA] as an authentication algorithm within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. The use of a digital signature algorithm such as RSA provides origin authentication, even when ESP and AH are used to secure group data flows. Further information on the other components necessary for ESP and AH implementations is provided by [ROADMAP].


Brian Weis (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)