
Re: Re[2]: WG last call for IPv4 AH and ESP




Paul_Lambert-P15452@email.mot.com says:
> >There is just one protocol. The ESP and AH headers are two different
> >headers, but they function in substantially identical ways.  There is
> >a need for a transparent authentication only header which the AH
> >provides -- ESP provides for either confidentiality or confidentiality
> >and authentication.
> 
> Do these two header formats share the same protocol number?

If you have read the drafts, then this is obviously a rhetorical question.

> The IPv4-AH header that you propose meets the basic format
> requirements of the IPv6-AH protocol.  There is no need for both!

Yes there is. The AH header is transparent, the ESP header is
non-transparent. The need for both was discussed in enormous detail by
Steve Bellovin in Toronto. It also follows our general attempts to be
as reasonably compatible with the IPv6 formats as possible, which was
also part of the Toronto consensus.

> Other than this minor point the encapsulation formats still should directly
> correspond to our last meeting.  We are not in that far off on technical
> issues.

No, we aren't. However, you refused repeatedly to discuss the matter
with me.

> < acrimonious maledictions skipped >
> 
> Please Perry, no need to get personal.  As chair I have been
> exceedingly quiet in pressing any personal opinions.  Your vitriolic
> ramblings do the group a disservice.

My "vitriolic ramblings" are not without cause.

I have attempted to discuss our "small technical differences" many
times, both in public and in private. I include the dinner I invited
you to in San Jose where you said nothing, forcing the rest of the
people at dinner to chit chat rather than discuss anything
substantive. I include the three attempts I made to meet with you in
the San Jose terminal room, where you very diplomatically stated only
that our differences were small but refused to say anything
substantive. I also include the electronic mail I've sent you on these
matters in the two and a half months since which you have not seen fit
to reply to. (I am happy in retrospect that I cc'ed that mail to Jeff
Schiller.) You are correct that you've been very quiet in pressing
your opinions -- but that doesn't mean you haven't been obdurate in
them as well.

If, however, you would like to discuss the matter now, let us do so. I
have had an open door for nearly three months.

I will note, though, that there is very little time. To quote Jeff
Schiller, "The internet is bleeding." There is a need to deploy this
system within months -- a real need, given the active attacks in use
on the internet today. There are to my knowledge several
implementation efforts already in progress. I do not think that there
is much time for a redesign.

I will further note that no one other than you has thus far stated an
objection to the use of the IPv6 formats, which was the consensus in
Toronto. No one has stated any serious objection to the proposed
security transforms other than the prefix vs. suffix hash keying
dispute -- which along with some other algorithm discussion remains
one of our few legitimately open issues.

Perry
