
Re: notes from developer's portion of IETF meeting



Er... I must be missing something. I apologize if this is wrong, or has been
mentioned (or if I'm misunderstanding something), but weren't there some
serious security flaws in ESP without Authentication (AH)? See Bellovin's
paper. I've heard that ESP by nature now includes an authentication to cover
those cases. Is that what is being discussed here?

I MUST be missing something...

jan


On Tue, 22 Apr 1997, David Wagner wrote:

> kent@bbn.com writes:
> > The meeting minutes suggested that ESP must always be used with
> > authentication, either intrinsic to ESP or via a separate AH, hence my
> > concern and an example of why I felt such a requirement would be unduly
> > restrictive.  Authentication costs more in packet processing time, and
> > especially in space for the small packets that characterize compressed
> > audio.
> 
> Now that I read this paragraph, I know how to phrase my objection
> more clearly.
> 
> If packet voice folks are worried about the performance hit from
> the extra couple of words of overhead for AH, they shouldn't be using
> ipsec; they should be using some higher-level application-level
> authentication, which lets them do all sorts of application-specific
> optimizations (e.g. MACing entire kilobytes at a time).
> 
> (By the way, typically authentication should require significantly
> less CPU time than encryption -- at least in my limited experience,
> though I admit I haven't written any ipsec code in two years.)
> 
> We dare not carve a hole out of ipsec for each special-purpose group
> who wants their own optimization.  The great value of ipsec is in its
> robustness across the great diversity of internet applications.  An
> authentication-less ESP detracts from ipsec robustness, and I think
> that's bad for everyone.
> 
> All IMHO, of course. -- Dave
> 

 --
Jan Vilhuber                                            vilhuber@cisco.com
Cisco Systems, San Jose                                     (408) 527-0847
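The point behind Jan's question, shown in working code as an added example (not from this thread or from any IPsec implementation): a toy ESP-style payload in Go, where AES-CBC without an ICV decrypts a modified packet without complaint, while an HMAC-SHA256 integrity check value over the ciphertext rejects it. Keys, IV and the sample payload are constructed for the demo; real ESP padding, sequence numbers and trailer layout are omitted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

var encKey = []byte("0123456789abcdef")                  // AES-128 key (constructed demo value)
var authKey = []byte("demo-authentication-key-32-bytes") // HMAC key (constructed demo value)
var iv = []byte("demo-iv-16-bytes")                      // per-packet IV, fixed for the demo
// cbc is "ESP without authentication": AES-CBC only, input padded to 16-byte blocks.
func cbc(in []byte, encrypt bool) []byte {
	block, _ := aes.NewCipher(encKey)
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	out := make([]byte, len(in))
	mode.CryptBlocks(out, in)
	return out
}

// icv is ESP's integrity check value: HMAC-SHA256 over the ciphertext, truncated to 96 bits.
func icv(ct []byte) []byte {
	m := hmac.New(sha256.New, authKey)
	m.Write(ct)
	return m.Sum(nil)[:12]
}
// seal appends the ICV; open checks it in constant time and reports ok=false for
// any modified packet, so tampered ciphertext never reaches the decryptor.
func seal(ct []byte) []byte { return append(append([]byte{}, ct...), icv(ct)...) }
func open(pkt []byte) ([]byte, bool) {
	if n := len(pkt) - 12; n >= 0 {
		return pkt[:n], hmac.Equal(pkt[n:], icv(pkt[:n]))
	}
	return nil, false
}
func main() {
	pt := []byte("voice sample 01 voice sample 02 ") // 32 bytes = two AES blocks
	pkt := seal(cbc(pt, true))
	pkt[0] ^= 0x20 // one ciphertext bit inverted in transit (constructed corruption)
	// No ICV: block 0 decrypts to garbage and byte 0 of block 1 has exactly that bit flipped ('v' -> 'V').
	fmt.Printf("no ICV:   %q\n", cbc(pkt[:32], false))
	_, ok := open(pkt)
	fmt.Println("with ICV: accepted =", ok) // false
}
```

The ICV costs 12 bytes per packet here, the overhead the thread is weighing against the cost of leaving the ciphertext unprotected.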
