AH and ESP Combinations



> From: rja@rja-ss20.cisco.com (Randall Atkinson)
> IMHO, the combination of IP-AH-AH-ULP isn't sensible.  It adds no value
> to the IP-AH-ULP combination.
>
Probably true.


> Similarly, the combination of IP-ESP-AH-ULP or IP-AH-ESP-ULP isn't very
> sensible.  Both of those should use IP-ESP-ULP with an ESP transform
> combining confidentiality with strong integrity.
>
I firmly disagree.

Indeed, the whole point of separating AH from ESP was that the
authentication function should be separate and orthogonal to the
encryption function.  I doubt that the WG would have ever gotten done
otherwise.

Even when ESP provides integrity (and we do not have any such encryption
technique specified), there will still be a need for authentication
which is separate from the encryption.

You were chastised (by others) previously for this error in your RFCs,
and I hope that you have fixed it in your next versions for Draft Standard.

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2