[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP Security Failures

To: ipsec@ans.net
Subject: Re: ICMP Security Failures
From: rja@rja-ss20.cisco.com (Randall Atkinson)
Date: Thu, 28 Dec 95 10:04:19 PST
In-Reply-To: <199512280734.CAA18874@hiway1.exit109.com>
Newsgroups: cisco.external.ietf.ipsec
Organization: cisco Systems, Inc., Menlo Park, Ca.
Reply-To: ipsec@ans.net
Sender: ipsec-owner@ans.net

IMHO, the combination of IP-AH-AH-ULP isn't sensible.  It adds no value
to the IP-AH-ULP combination.

Similarly, the combination of IP-ESP-AH-ULP or IP-AH-ESP-ULP isn't very
sensible.  Both of those should use IP-ESP-ULP with an ESP transform
combining confidentiality with strong integrity.


>Obligatory repetitive bitching and moaning:
>
>If AH didn't try to protect bits of the datagram that precede the
>AH header (or used a pseudo-header), there wouldn't be a problem:
>IP-AH-AH and IP-ESP-AH would be valid & trivial to handle, as would
>other more complicated combinations.

  If AH didn't protect bits of the IP header, then AH would be useless
because it wouldn't provide efficient packet-origin authentication, which
is one of the main points of using AH.  While a pseudo-header might appeal
to those more concerned with theoretical purity than with practicality,
there is ample evidence that AH as currently specified can be built and
interoperate.  In Dallas several independent implementations were shown to
interoperate using AH, to give a concrete example.


Ran
rja@cisco.com

References:

Re: ICMP Security Failures

From: daw@cs.berkeley.edu (David Wagner)

Prev by Date: I-D ACTION:draft-krawczyk-keyed-md5-01.txt
Next by Date: Re: ICMP Security Failures
Prev by thread: Re: ICMP Security Failures
Next by thread: Re: ICMP Security Failures
Index(es):
- Main
- Thread