The Authentication Header (AH) is an IPSec protocol used to provide data integrity, data origin authentication, and limited antireplay (the antireplay is optional) services to IP. AH does not provide any encryption services.

Since AH does not provide confidentiality, it does not require a cipher algorithm. It does, though, require an authenticator. AH defines the method of protection, the placement of the header, the authentication coverage, and input and output processing rules, but it does not define the authentication algorithm to use. Like its sibling protocol, ESP, AH does not mandate antireplay protection. The use of the antireplay services are solely at the discretion of the recipient and there is ...