[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AH vs. ESP with MD5
I have a couple questions about the goals for the revised ESP
that includes integrity and replay protection.
1) Is the new ESP suppose to eliminate the need for the AH transform?
- If so, the current draft does not provide any integrity checks
on the IP header, so an attacker can modify those fields in
transit. Maybe that is not considered to be a threat.
- If not, then a secuure implementation that includes both AH
and ESP will have to perform two MD5 digests on the payload.
That is a 33% performance hit for large packets [with the
original AH-ESP, the payload is scanned once for the AH digest
and once for the DES-CBC, the new ESP-DES-CBC-MD5 requires
an additional scan of MD5 on the plaintext payload].
2) Do ESP packets need to be self describing in terms of the features
they support (e.g., whether replay protection is included)?
The current design assumes that the SPI determines all the
required features.
--Bob
Follow-Ups: