
Re: notes from developer's portion of IETF meeting



It's kinda interesting watching this discussion.

The _only_ reason integrity-less encryption is still allowed is because
AH+ESP(transport) is a valid and useful combination.  I'll bet small sums of
money that AH+ESP(transport) was probably an original suggestion to solve
Steve Bellovin's [Bel96] cut-and-paste attacks.  I'm not sure why the
two-algorithms-in-one-SA approach was ever adopted, but it's too late to
argue these questions.

Auth-less ESP is dangerous for the very reasons documented both here on the
mailing list and in [Bel96].  We all know that, and it's nice to see the
reasons being brought up here.  It helps any newbies out there, as well as
reminding us implementors what to watch out for.

BTW, I can see an ESP module issuing a warning or logging a danger sign that
an auth-less ESP SA has been added.  It could even say so again if such an SA
is actually being USED.

Dan
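
The warning suggested in the message above, sketched as an added example (not code from the message or from any IPsec implementation). The toy SA table, every function name, and the choices to warn once per SA on first use and to note whether an AH SA exists for the same peer are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical toy SA database; not any real IPsec stack's API. */
enum sa_proto { SA_AH, SA_ESP };
enum sa_auth  { AUTH_NONE, AUTH_HMAC_MD5, AUTH_HMAC_SHA1 };
struct sa {
    uint32_t spi, dst;     /* SPI and destination address */
    enum sa_proto proto;
    enum sa_auth auth;     /* AUTH_NONE on ESP means encryption only */
    int warned_use;        /* set once the first-use warning has fired */
};
static struct sa sad[16];
static size_t sad_len;
static int authless_esp(const struct sa *s) { return s->proto == SA_ESP && s->auth == AUTH_NONE; }

/* Assumption: an AH SA to the same destination marks the AH+ESP pairing. */
static int has_ah_companion(uint32_t dst) {
    for (size_t i = 0; i < sad_len; i++)
        if (sad[i].proto == SA_AH && sad[i].dst == dst) return 1;
    return 0;
}

/* Add an SA. Returns 1 if a warning was logged, 0 if not, -1 if the table is full. */
int sad_add(uint32_t dst, uint32_t spi, enum sa_proto p, enum sa_auth a) {
    if (sad_len == sizeof sad / sizeof sad[0]) return -1;
    sad[sad_len++] = (struct sa){ spi, dst, p, a, 0 };
    if (!authless_esp(&sad[sad_len - 1])) return 0;
    fprintf(stderr, "WARNING: ESP SA spi=0x%08x added without authentication (%s)\n",
            (unsigned)spi, has_ah_companion(dst) ? "AH SA exists for peer" : "no AH SA for peer");
    return 1;
}

/* Per-packet lookup hook. Warns once per SA on first use; returns 1 if it warned. */
int sad_use(uint32_t dst, uint32_t spi) {
    for (size_t i = 0; i < sad_len; i++) {
        struct sa *s = &sad[i];
        if (s->dst != dst || s->spi != spi || !authless_esp(s) || s->warned_use) continue;
        s->warned_use = 1;
        fprintf(stderr, "WARNING: auth-less ESP SA spi=0x%08x is now in use\n", (unsigned)spi);
        return 1;
    }
    return 0;
}

int main(void) {   /* constructed sample: one auth-less ESP SA, used once */
    sad_add(0x0a000001, 0x200, SA_ESP, AUTH_NONE);
    return sad_use(0x0a000001, 0x200) == 1 ? 0 : 1;
}
```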

