
Re: ICMP Security Failures



> From: rja@rja-ss20.cisco.com (Randall Atkinson)
> IMHO, the combination of IP-AH-AH-ULP isn't sensible.  It adds no value
> to the IP-AH-ULP combination.
> 
How would two hosts communicate via AH if an intervening router acting as a
firewall is in place to enforce communication with AH? (Similar to the scenario
in the Photuris draft, section C.3.)

With IP-AH-ULP the router needs the key used to generate the AH. Otherwise
the intervening router could only check that there is an AH present, but
could not check whether the AH is correct. Sharing the key with the router, on the
other hand, degrades security, because the router can forge the AH of the host.

With IP-AH-AH-ULP the sending host could generate one AH with the key shared with
the router and the other AH with a key shared with the other host.

Uwe  
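
The scenario argued in the message above, as an added example that is not part of the thread or of any IPsec implementation: a model of IP-AH-ULP with the key shared with the firewall router, versus IP-AH-AH-ULP with an outer AH keyed for the router and an inner AH keyed for the peer host. HMAC-SHA256 truncated to 16 bytes stands in for the AH authentication data, the AH layout (4-byte SPI plus ICV) and the IPv4 header are simplified and not the RFC 1826 wire format, and the keys, addresses and payloads are constructed for the demonstration.

```python
"""Model of IP-AH-ULP vs IP-AH-AH-ULP with a firewall router in the path.
Constructed example: HMAC-SHA256 stands in for the AH authentication
algorithm; header layouts are simplified, not the RFC 1826 wire format."""
import hashlib
import hmac
import struct

IP_HDR_LEN = 20   # constructed 20-byte IPv4 header, protocol 51 = AH
ICV_LEN = 16      # integrity check value length in this model

# Constructed keys: one shared host<->router, one shared host<->host.
ROUTER_KEY = b"key-shared-with-firewall-router"
HOST_KEY = b"key-shared-with-peer-host"
SPI_ROUTER, SPI_HOST = 0x1000, 0x2000


def make_ip_hdr(src, dst):
    """Minimal IPv4 header (constructed): ver/IHL, TOS, len, id, frag, TTL, proto=51, csum, src, dst."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, 64, 51, 0, bytes(src), bytes(dst))


def _icv(key, ip_hdr, ah_fields, rest):
    """MAC over the IP header, the AH with its ICV zeroed, and everything after it."""
    return hmac.new(key, ip_hdr + ah_fields + bytes(ICV_LEN) + rest, hashlib.sha256).digest()[:ICV_LEN]


def wrap_ah(key, spi, ip_hdr, rest):
    """Prepend one AH (SPI + ICV) that authenticates ip_hdr and rest under key."""
    fields = struct.pack("!I", spi)
    return fields + _icv(key, ip_hdr, fields, rest) + rest


def unwrap_ah(key, ip_hdr, data):
    """Verify the leading AH under key; return the data after it, or None if it fails."""
    if len(data) < 4 + ICV_LEN:
        return None
    fields, icv, rest = data[:4], data[4:4 + ICV_LEN], data[4 + ICV_LEN:]
    return rest if hmac.compare_digest(icv, _icv(key, ip_hdr, fields, rest)) else None


def send_single_ah(ip_hdr, ulp, key):
    """IP-AH-ULP: a single AH under `key`."""
    return ip_hdr + wrap_ah(key, SPI_HOST, ip_hdr, ulp)


def send_double_ah(ip_hdr, ulp):
    """IP-AH-AH-ULP: inner AH keyed for the peer host, outer AH keyed for the router."""
    inner = wrap_ah(HOST_KEY, SPI_HOST, ip_hdr, ulp)
    return ip_hdr + wrap_ah(ROUTER_KEY, SPI_ROUTER, ip_hdr, inner)


def router_sees_ah(pkt):
    """Without a key the router can only check that an AH is present (protocol field 51)."""
    return pkt[9] == 51 and len(pkt) >= IP_HDR_LEN + 4 + ICV_LEN


def router_filter(pkt):
    """Firewall router holding only ROUTER_KEY: forward iff the outermost AH verifies."""
    return unwrap_ah(ROUTER_KEY, pkt[:IP_HDR_LEN], pkt[IP_HDR_LEN:]) is not None


def host_receive_single(pkt, key):
    return unwrap_ah(key, pkt[:IP_HDR_LEN], pkt[IP_HDR_LEN:])


def host_receive_double(pkt):
    """Strip the router AH, then verify the host AH; return the ULP or None."""
    ip_hdr = pkt[:IP_HDR_LEN]
    inner = unwrap_ah(ROUTER_KEY, ip_hdr, pkt[IP_HDR_LEN:])
    return None if inner is None else unwrap_ah(HOST_KEY, ip_hdr, inner)


def router_forge_single(pkt, shared_key, forged_ulp):
    """Dishonest router with the host's AH key simply re-signs a new payload."""
    ip_hdr = pkt[:IP_HDR_LEN]
    return ip_hdr + wrap_ah(shared_key, SPI_HOST, ip_hdr, forged_ulp)


def router_forge_double(pkt, forged_ulp):
    """Dishonest router re-signs its own AH but cannot recompute the host-keyed inner AH."""
    ip_hdr = pkt[:IP_HDR_LEN]
    inner = unwrap_ah(ROUTER_KEY, ip_hdr, pkt[IP_HDR_LEN:])
    stale_inner_ah = inner[:4 + ICV_LEN]          # copied, not recomputed: no HOST_KEY
    return ip_hdr + wrap_ah(ROUTER_KEY, SPI_ROUTER, ip_hdr, stale_inner_ah + forged_ulp)


def demo():
    ip_hdr = make_ip_hdr((10, 0, 0, 1), (10, 0, 1, 2))
    ulp, bad = b"GET /index.html", b"rm -rf /"      # constructed payloads
    r = {}
    # IP-AH-ULP keyed only to the peer host: the router sees an AH but cannot verify it.
    host_only = send_single_ah(ip_hdr, ulp, HOST_KEY)
    r["single_unshared_router_sees_ah"] = router_sees_ah(host_only)
    r["single_unshared_router_verifies"] = router_filter(host_only)
    # IP-AH-ULP with the key shared with the router: verifiable, but forgeable by the router.
    shared = send_single_ah(ip_hdr, ulp, ROUTER_KEY)
    r["single_shared_router_verifies"] = router_filter(shared)
    r["single_shared_forgery_accepted"] = host_receive_single(router_forge_single(shared, ROUTER_KEY, bad), ROUTER_KEY) == bad
    # IP-AH-AH-ULP: router verifies the outer AH; a router forgery fails at the host.
    double = send_double_ah(ip_hdr, ulp)
    r["double_router_verifies"] = router_filter(double)
    r["double_host_accepts"] = host_receive_double(double) == ulp
    forged = router_forge_double(double, bad)
    r["double_forgery_passes_router"] = router_filter(forged)
    r["double_forgery_rejected_by_host"] = host_receive_double(forged) is None
    return r


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Note that in the IP-AH-AH-ULP case the router re-signs its own outer AH after tampering, so its forgery still passes the firewall check; it is the inner, host-keyed AH that the receiving host uses to reject it.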

