
Re: AH vs. ESP with MD5




>1) Is the new ESP suppose to eliminate the need for the AH transform?
>   - If so, the current draft does not provide any integrity checks
>     on the IP header, so an attacker can modify those fields in
>     transit.  Maybe that is not considered to be a threat.
>   - If not, then a secure implementation that includes both AH
>     and ESP will have to perform two MD5 digests on the payload.
>     That is a 33% performance hit for large packets [with the
>     original AH-ESP, the payload is scanned once for the AH digest
>     and once for the DES-CBC, the new ESP-DES-CBC-MD5 requires
>     an additional scan of MD5 on the plaintext payload].
>
The new ESP transform does not eliminate AH. AH is still useful in cases
where you don't need to encrypt the data. Also, for export you may have to
perform only AH and not ESP.

>2) Do ESP packets need to be self describing in terms of the features
>   they support (e.g., whether replay protection is included)?
>   The current design assumes that the SPI determines all the
>   required features.
>

From what I understand talking to the editors, it is still not decided
whether replay protection is mandatory or optional. There should be some
discussion on this in the mailing list.

Regards,

--Naganand
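The first point in the quoted question, that an ESP transform which digests only the payload leaves the IP header open to modification in transit while AH covers it, can be demonstrated with a small model. The following is an added example and is not code from the message above or from any IPsec draft: it builds a plain IPv4 header plus payload, uses HMAC-MD5 as the keyed digest (an assumption; the transforms under discussion used their own keyed-MD5 constructions), and omits DES-CBC because only what the digest covers matters here. The AH-style digest zeroes the fields AH treats as mutable in transit (TOS, flags/fragment offset, TTL, header checksum) and covers the rest; the ESP-style digest covers the plaintext payload only. An on-path attacker who rewrites the destination address and fixes up the checksum is caught by the AH check but not by the ESP-only check, while a legitimate TTL decrement still verifies under AH.

```python
"""Toy model of the integrity coverage difference between AH and an
ESP transform that authenticates only the payload.  Added example, not
code from the original message or from any IPsec draft; HMAC-MD5 is an
assumption and encryption is omitted."""
import hashlib
import hmac
import socket
import struct

# Byte ranges of the IPv4 header that AH treats as mutable in transit
# (TOS; flags/fragment offset and TTL; header checksum).  They are zeroed
# before digesting; everything else in the header is covered.
_MUTABLE_RANGES = ((1, 2), (6, 9), (10, 12))


def _checksum(data: bytes) -> int:
    """Standard ones'-complement IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _with_checksum(header: bytes) -> bytes:
    """Recompute the header checksum field (bytes 10-11)."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", _checksum(zeroed)) + zeroed[12:]


def ipv4_header(src: str, dst: str, payload_len: int,
                proto: int = 50, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header (no options) with a valid checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return _with_checksum(fields)


def rewrite_dst(header: bytes, new_dst: str) -> bytes:
    """What an on-path attacker can do to an ESP-only packet: change the
    destination and fix the checksum so routers still forward it."""
    return _with_checksum(header[:16] + socket.inet_aton(new_dst))


def decrement_ttl(header: bytes) -> bytes:
    """A legitimate in-transit change (one router hop); AH must still verify."""
    return _with_checksum(header[:8] + bytes([header[8] - 1]) + header[9:])


def _zero_mutable(header: bytes) -> bytes:
    h = bytearray(header)
    for start, end in _MUTABLE_RANGES:
        h[start:end] = bytes(end - start)
    return bytes(h)


def ah_icv(key: bytes, header: bytes, payload: bytes) -> bytes:
    """AH-style ICV: keyed digest over the header (mutable fields zeroed)
    followed by the payload."""
    return hmac.new(key, _zero_mutable(header) + payload, hashlib.md5).digest()


def esp_icv(key: bytes, payload: bytes) -> bytes:
    """ESP-style ICV as described in the thread: keyed digest over the
    plaintext payload only; the IP header never enters the digest."""
    return hmac.new(key, payload, hashlib.md5).digest()


def ah_verify(key: bytes, header: bytes, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(ah_icv(key, header, payload), icv)


def esp_verify(key: bytes, payload: bytes, icv: bytes) -> bool:
    return hmac.compare_digest(esp_icv(key, payload), icv)


def demo(key: bytes = b"constructed-sample-key"):
    """Protect one packet under each scheme, let an attacker redirect it,
    and report whether the receiver notices: returns (ah_detects, esp_detects)."""
    payload = b"constructed sample payload"  # constructed, not a capture
    hdr = ipv4_header("10.0.0.1", "10.0.0.2", len(payload))
    ah_tag = ah_icv(key, hdr, payload)
    esp_tag = esp_icv(key, payload)

    attacked = rewrite_dst(hdr, "10.0.0.99")
    ah_detects = not ah_verify(key, attacked, payload, ah_tag)
    esp_detects = not esp_verify(key, payload, esp_tag)
    return ah_detects, esp_detects


if __name__ == "__main__":
    print("AH detects redirect: %s, ESP-only detects redirect: %s" % demo())
```

Running the block prints that the AH check detects the redirect and the ESP-only check does not, which is exactly the gap the first question raises; whether that gap matters is the policy question the message leaves open.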