
Re: Proposed changes to ESP (and a little AH too)



At 04:12 PM 3/21/97 -0500, Theodore Y. Ts'o wrote:
>
>In the case of using ESP to create VPN's through security gateways, the
>threat of traffic analysis doesn't really apply, since the authenticated
>destination will always be the other security gateway.  Indeed, the
>traffic analysis threat isn't important if we're doing host keying for
>the same reason --- the low level, unauthenticated address allows for
>traffic analysis anyway.
>
>The only place where traffic analysis would matter would be if we did
>user-based keying, and we have multiple users using the same host, in a
>time-sharing fashion.  

Ah, but you missed the case where the SA was built from the identity of the
system behind the gateway.  This is not user-based keying, but key proxying.


Robert Moskowitz
Chrysler Corporation
(810) 758-8212


