
Re: AH and ESP Orthogonality
William Allen Simpson writes:
> For the past several years, this WG (and others such as SIP, SIPP, and
> IPng, and other protocol designers such as SSL) strongly supported
> orthogonality between the Authentication and Encapsulation (both privacy
> and compression) facilities.
> 
> Recently, the WG chairs (without any stimulating WG comments) have tried
> to move the WG toward a non-orthogonal all-in-one approach for ESP.

I must admit that I actually somewhat agree with the all-in-one
approach. In Toronto, when the current formats were produced, we
agreed that we needed separate AH and ESP transforms not because one
would handle authentication and the other encryption, but because AH
was needed to provide a transparent encapsulation while ESP would
provide an opaque encapsulation. The reasons we had for permitting ESP
transforms to include any combination of encryption, authentication
and integrity checking was partially because this would save a
substantial number of bits on the wire for slow links. Our notion
initially was that we were cutting the Gordian knot of which
particular services were to be provided by leaving most of that to the
transform documents, permitting transforms that essentially did
anything, and simply specifying a method (the SPI) for determining
which transform was in use.

This is not to say that only all-in-one transforms should exist, but I
think there is indeed a place for them some of the time.

Perry