AH and ESP Combinations
> From: rja@rja-ss20.cisco.com (Randall Atkinson)
> IMHO, the combination of IP-AH-AH-ULP isn't sensible. It adds no value
> to the IP-AH-ULP combination.
>
Probably true.
> Similarly, the combination of IP-ESP-AH-ULP or IP-AH-ESP-ULP isn't very
> sensible. Both of those should use IP-ESP-ULP with an ESP transform
> combining confidentiality with strong integrity.
>
I firmly disagree.
Indeed, the whole point of separating AH from ESP was that the
authentication function should be separate and orthogonal to the
encryption function. I doubt that the WG would have ever gotten done
otherwise.
Even when ESP provides integrity (and we do not have any such encryption
technique specified), there will still be a need for authentication
which is separate from the encryption.
You were chastised (by others) previously for this error in your RFCs,
and I hope that you have fixed it in your next versions for Draft Standard.
Bill.Simpson@um.cc.umich.edu
Key fingerprint = 2E 07 23 03 C5 62 70 D3 59 B1 4F 5E 1D C2 C1 A2