ESP and AH on a secure gateway
I am developing a secure gateway, i.e. providing encryption on behalf
of my trusted subnet. This gateway will be using ESP tunnel-mode and
AH.
           secure            (untrusted)            secure
  host     gateway----------------------------gateway     host
   |          |                                  |          |
   ----------                                    -----------
 (untrusted subnet)                          (trusted subnet)
After reading and discussing the appropriate RFCs (1825, 1826, etc.),
I'm a little confused on how to use a combination of ESP and AH. To
clarify, if I receive a packet from a trusted host, should I
authenticate this IP packet, add in the AH, and then encrypt and add
the ESP header? Such as: (IP hdr H = IP hdr produced by trusted host
IP hdr G = IP hdr produced by gateway)
From trusted host: |IP hdr H|data|
|
v
On Gateway: |IP hdr H|AH|data|
|
v
On Gateway: |IP hdr G|ESP hdr|encrypted(IP hdr H|AH|data)|
OR,
Should I encrypt the received IP packet and add the ESP header, and
THEN authenticate this data. Such as
From trusted host: |IP hdr H|data|
|
v
On Gateway: |IP hdr G|ESP hdr|encrypted(IP hdr H|data)|
|
v
On Gateway: |IP hdr G|AH hdr|ESP hdr|encrypted(IP hdr H|data)|
In the first method, I'm authenticating the trusted host's clear-text
packet, while in the second method, I am authenticating the ESP packet
my gateway has produced. I am inclined to say the latter method is
more appropriate for a gateway, since I shouldn't be authenticating
"someone else's" data.
Opinions?
-- Rick Pluth
(rpluth@nei.com)
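[Added example, not part of the original thread.] The two orderings differ in which bytes the AH integrity check value covers, and in whether the receiving gateway can reject a bad packet before it spends work decrypting. The Python below models both layouts from the message with a constructed HMAC-based AH and a toy XOR keystream standing in for the ESP cipher (RFC 1827 ESP itself provides no integrity). The packet field names, keys and header strings are constructed for the example; the check at the end flips a byte of the gateway's outer IP header in transit and reports whether each receiver notices.

```python
import hmac
import hashlib
import struct

# Keys are constructed for this example; real SAs negotiate their own.
AH_KEY = b"example-ah-key"
ESP_KEY = b"example-esp-key"
ICV_LEN = 12  # truncated 96-bit ICV, as HMAC-based AH transforms use


def keystream_xor(key, data):
    """Toy confidentiality transform: XOR with an HMAC-SHA256 counter-mode
    keystream. Stands in for the ESP cipher; XOR is symmetric, so the same
    call decrypts. Not a real ESP transform."""
    out = bytearray()
    ctr = 0
    while len(out) < len(data):
        out += hmac.new(key, struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(b ^ k for b, k in zip(data, out))


def icv(covered):
    """AH integrity check value over exactly the bytes AH is meant to cover."""
    return hmac.new(AH_KEY, covered, hashlib.sha256).digest()[:ICV_LEN]


def split_inner(inner):
    """Inner packet encoding used here: 2-byte length, host IP header, rest."""
    n = struct.unpack(">H", inner[:2])[0]
    return inner[2:2 + n], inner[2 + n:]


# --- Method 1: AH over the host's cleartext packet, then the ESP tunnel ---
def method1_send(hdr_h, data, hdr_g):
    inner = struct.pack(">H", len(hdr_h)) + hdr_h + icv(hdr_h + data) + data
    return {"ip_g": hdr_g, "esp": keystream_xor(ESP_KEY, inner)}


def method1_recv(pkt):
    # Must decrypt before the AH check; the outer header ip_g is never covered.
    hdr_h, rest = split_inner(keystream_xor(ESP_KEY, pkt["esp"]))
    tag, data = rest[:ICV_LEN], rest[ICV_LEN:]
    if not hmac.compare_digest(tag, icv(hdr_h + data)):
        raise ValueError("AH check failed")
    return hdr_h, data


# --- Method 2: ESP tunnel first, then AH over the gateway's own ESP packet ---
def method2_send(hdr_h, data, hdr_g):
    esp = keystream_xor(ESP_KEY, struct.pack(">H", len(hdr_h)) + hdr_h + data)
    return {"ip_g": hdr_g, "ah": icv(hdr_g + esp), "esp": esp}


def method2_recv(pkt):
    # Integrity over ip_g and the ciphertext is checked before any decryption.
    if not hmac.compare_digest(pkt["ah"], icv(pkt["ip_g"] + pkt["esp"])):
        raise ValueError("AH check failed")
    return split_inner(keystream_xor(ESP_KEY, pkt["esp"]))


def outer_header_tamper_detected(send, recv):
    """Modify the gateway-produced outer IP header in transit (constructed
    change) and report whether the receiving gateway rejects the packet."""
    hdr_h, data, hdr_g = b"IPhdrH:10.0.0.5->10.0.1.9", b"payload", b"IPhdrG:gwA->gwB"
    pkt = send(hdr_h, data, hdr_g)
    pkt["ip_g"] = b"IPhdrG:gwX->gwB"
    try:
        recv(pkt)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("method 1 detects outer-header change:",
          outer_header_tamper_detected(method1_send, method1_recv))
    print("method 2 detects outer-header change:",
          outer_header_tamper_detected(method2_send, method2_recv))
```

With method 1 the AH still protects the host's inner packet, but only after decryption, and nothing the gateway itself added (the outer header or the ESP framing) is covered. With method 2 the receiving gateway authenticates the whole packet it was sent, including the outer header, and drops bad packets before decrypting, which matches the poster's reasoning that the gateway should authenticate its own ESP packet.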
Date: Fri, 25 Oct 1996 09:57:20 -0400
From: Hilarie Orman <ho@earth.hpc.org>
Message-Id: <199610251357.JAA12001@earth.hpc.org>
To: naganand@ftp.com
Cc: ipsec@TIS.COM
In-reply-to: Yourmessage <199610242352.QAA10534@baskerville.CS.Arizona.EDU>
Subject: Re: Clarification on 3DES transforms
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk
The OAKLEY draft discusses how to turn raw keying material into keys,
and I'd suggest that you follow that method, which adds an extra byte
to the keying material before generating a hash. It is important, I think,
to have a uniform method for taking raw keying material (a variable length
integer) and turning it into keys for a transform.
I'd suggest that each transform come equipped with an interface for generating
its key from a VPI input.
Hilarie
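[Added example, not part of the original thread.] One way to give a transform the kind of per-transform key interface described above: take the raw keying material as a variable-length integer, encode it as bytes, append a single tag byte, hash, and cut the digest down to the transform's key size. The Python below does that for 3DES, deriving three independent 8-byte keys with distinct tag bytes and setting DES odd parity. The hash (SHA-1), the tag values 0, 1, 2 and the byte encoding are this example's own choices, not the exact OAKLEY draft procedure.

```python
import hashlib

DES_KEY_LEN = 8      # bytes per single-DES key
THREE_DES_KEYS = 3   # 3DES (EDE) takes three keys


def keymat_to_bytes(raw):
    """Encode variable-length integer keying material as minimal big-endian bytes,
    so the same integer always hashes the same way regardless of how it was held."""
    if raw <= 0:
        raise ValueError("keying material must be a positive integer")
    return raw.to_bytes((raw.bit_length() + 7) // 8, "big")


def set_odd_parity(key8):
    """DES keys carry odd parity in the low bit of every byte."""
    out = bytearray()
    for b in key8:
        b &= 0xFE                       # clear the parity bit
        if bin(b).count("1") % 2 == 0:  # even count of ones: set it
            b |= 1
        out.append(b)
    return bytes(out)


def derive_key(raw, tag):
    """One transform key: hash(keymat || tag byte), truncated to the DES key size.
    The tag byte is the 'extra byte' appended before hashing; a different tag per
    key yields independent keys from one piece of keying material (example choice)."""
    if not 0 <= tag <= 255:
        raise ValueError("tag must fit in one byte")
    digest = hashlib.sha1(keymat_to_bytes(raw) + bytes([tag])).digest()
    return set_odd_parity(digest[:DES_KEY_LEN])


def derive_3des_keys(raw):
    """The transform's key interface: raw keying material in, (K1, K2, K3) out."""
    return tuple(derive_key(raw, i) for i in range(THREE_DES_KEYS))


def has_odd_parity(key8):
    return all(bin(b).count("1") % 2 == 1 for b in key8)


if __name__ == "__main__":
    # Constructed keying material; a real exchange would supply a much larger value.
    sample_keymat = 0x1F3A9C7E5D2B4A6F8E1D3C5B7A9F0E2D
    for i, k in enumerate(derive_3des_keys(sample_keymat), 1):
        print(f"K{i} = {k.hex()}")
```

Because every key is a function of the keying material plus a fixed tag, two transforms that agree on the tag bytes and hash derive identical keys from the same negotiated value, which is the uniformity the message asks for.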