RE: AH (without ESP) on a secure gateway
Bill
BW> Last month there was a question regarding ESP and AH on a secure
gateway as in the following model.
   secure                  (untrusted)                  secure
hostA  gatewayA---------------------------------gatewayB  hostB
  |       |                                         |       |
  ---------                                         ---------
  (trusted subnet)                             (trusted subnet)
BW> My question is whether AH on a secure gateway even makes sense at all
if ESP is not being performed.
Consider the case where one gateway is in a country like France which
does not allow encryption. An organization could still use AH to
authenticate that the source of the packets was another secure gateway
belonging to the organization.
BW> Consider hostA sending a packet to hostB. If gatewayA places an AH on
the packet, it would appear as if it was authenticated by hostA, not a
good idea in my mind.
The receiving gateway/host knows (should know) that the AH keying material
is held by Gateway A and not Host A. If the receiving gateway/host
does not know which devices it shares keying material with, you have a
key management problem.
Tom Markham
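The point above, that the receiver's security association binds the AH key to gateway A rather than to host A, is illustrated by the following constructed Python example; it is not code from the thread, and the addresses, SPI and key are made-up assumptions.

```python
import hmac, hashlib, struct, ipaddress

# Constructed sample addresses, SPI and key (assumptions, not from the thread).
HOST_A, HOST_B = "10.1.0.5", "10.2.0.7"
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SPI = 0x1000
# Security association database at gateway B, keyed by (local addr, SPI).
# The SA records which peer holds the key: that peer is what AH proves.
SAD_B = {(GW_B, SPI): {"peer": GW_A, "key": b"gateway-a-to-b-shared-key"}}

def ip_header(src, dst, proto, ttl=64):
    # Minimal IPv4 header, no options; length and checksum left zero here.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def zero_mutable(hdr):
    # RFC 2402: TOS, flags/fragment offset, TTL and checksum are mutable
    # in transit and are zeroed before the ICV is computed.
    return (hdr[:1] + b"\x00" + hdr[2:6] + b"\x00\x00\x00" + hdr[9:10]
            + b"\x00\x00" + hdr[12:])

def ah_icv(outer_hdr, ah_no_icv, inner, key):
    data = zero_mutable(outer_hdr) + ah_no_icv + b"\x00" * 12 + inner
    return hmac.new(key, data, hashlib.sha1).digest()[:12]   # HMAC-SHA1-96

def gateway_a_encapsulate(inner_pkt, key, seq=1):
    # Tunnel mode: gateway A wraps hostA's packet in its own outer header.
    outer = ip_header(GW_A, GW_B, 51)               # protocol 51 = AH
    ah = struct.pack("!BBHII", 4, 4, 0, SPI, seq)   # next header 4 = IP-in-IP
    return outer + ah + ah_icv(outer, ah, inner_pkt, key) + inner_pkt

def gateway_b_verify(pkt):
    # Returns (authenticated peer, inner source addr), or None on ICV failure.
    # The peer comes from the SA lookup, not from any address in the packet.
    outer, ah, icv, inner = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    dst = str(ipaddress.IPv4Address(outer[16:20]))
    spi = struct.unpack("!I", ah[4:8])[0]
    sa = SAD_B.get((dst, spi))
    if sa is None or not hmac.compare_digest(icv, ah_icv(outer, ah, inner, sa["key"])):
        return None
    return sa["peer"], str(ipaddress.IPv4Address(inner[12:16]))
```

The inner source address (hostA) is covered by the ICV but is only data that gateway A vouched for; the identity that the verification establishes is the SA peer, gateway A.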