[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: AH (without ESP) on a secure gateway




Bill

BW> Last month there was a question regarding ESP and AH on a secure 
     gateway as in the following model.

     
       secure                 (untrusted)         secure
       hostA  gatewayA---------------------------gatewayB  hostB
        |      |                                     |      |
       ----------                                   -----------
      (trusted subnet)                             (trusted subnet)
     
     
BW>   My question is whether AH on a secure gateway even makes sense at all 
     if ESP is not being performed.


Consider the case where one gateway is in a country like France which
does not allow encryption. An organization could still use AH to
authenticate that the source of the packets was another secure gateway
belonging to the organization.

BW>  Consider hostA sending a packet to hostB.  If gatewayA places an AH on 
     the packet, it would appear as if it was authenticated by hostA, not a 
     good idea in my mind.

The receiving gateway/host knows (should know) that the AH keying material
is held by Gateway A and not Host A. If the receiving gateway/host
does not know which devices it shares keying material with, you have a
key management problem. 

Tom Markham


Follow-Ups: