
AH vs. ESP with MD5



        I have a couple questions about the goals for the revised ESP
that includes integrity and replay protection.

1) Is the new ESP supposed to eliminate the need for the AH transform?
   - If so, the current draft does not provide any integrity checks
     on the IP header, so an attacker can modify those fields in
     transit.  Maybe that is not considered to be a threat.
   - If not, then a secure implementation that includes both AH
     and ESP will have to perform two MD5 digests on the payload.
     That is a 33% performance hit for large packets [with the
     original AH-ESP, the payload is scanned once for the AH digest
     and once for the DES-CBC, the new ESP-DES-CBC-MD5 requires
     an additional scan of MD5 on the plaintext payload].

2) Do ESP packets need to be self describing in terms of the features
   they support (e.g., whether replay protection is included)?
   The current design assumes that the SPI determines all the
   required features.

                --Bob



