
eliminate AH



> From: Steven Bellovin <smb@research.att.com>
>       *) I don't like meaningless cryptography.  Almost two years
>       ago, I posted a field-by-field analysis.  I showed that the IP
>       header fields are either irrelevant for security purposes,
>       changed en route (and hence not protectable), or are or should
>       be bound to the security association, and hence need not be
>       authenticated on a per-packet basis.
>
I don't remember this message, and cannot find it.  Could you please
point us to a date (or even a month), so that I can find it in my
archives?


> 	*) I don't like working groups that drag on forever,
> 	fine-tuning a protocol to the point of irrelevancy.  Folks,
> 	we're under a deadline.  There are real products out there that
> 	implement some version of IPSEC.  There are things like PPTP
> 	that also include authentication and encryption.  We need to
> 	finish *now*.
>
My view is that we passed the deadline some years ago.  Certainly, we
passed our charter deadline.  I think we passed the Internet commercial
usefulness deadline, too.

We have at least 4 Working Groups creating their own security protocols,
because this WG never got done.  We had something, and the "powers that
be" declared it obsolete.


> The only reason we're discussing this again is because we realized that
> encryption almost always requires authentication.  This may not be
> sufficient reason to reopen the question, especially given the
> immediately preceding point.  But yes, in an ideal world I'd opt
> for a clean AH, aka encryptionless ESP.
>
Fine.  Then, let's get rid of AH entirely.

We started without AH, with swIPe in 1992-1993.

I was a convert to the philosophy that orthogonality of function was
important in this matter, for both political (export) and practical
reasons; thus, that AH and ESP should be separate.  Like many converts,
I followed that path with zeal.  I was willing to have the extra 8 bytes
of overhead.

But, the leader of that path, Ran Atkinson, recanted last year, saying
it was a "serious mistake".  He said this into a microphone, and we have
his words on file.

It is causing too much contention to keep going down this path.

I don't want 2 different ways to authenticate.  It's too complicated.

We only need one way, for all the reasons given by Steve in his earlier
message.  If we have it in ESP, and cannot agree on when to use it and
when not, then let's discard AH.  Simplify.
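The quoted argument that IP header fields are either irrelevant, changed en route, or already bound to the security association can be made concrete. The following is an added example, not code from this thread or from any IPsec implementation: it applies the AH rule of zeroing the mutable IPv4 header fields (ToS, flags, fragment offset, TTL, checksum, per RFC 2402) before computing an integrity value, and compares what that covers with an ESP-style check over the payload alone. The key, addresses, payload and the `SA_SELECTOR_FIELDS` set are constructed for illustration, and the truncated HMAC-SHA256 stands in for whatever MAC an SA would actually negotiate.

```python
import hashlib
import hmac
import struct

# Mutable IPv4 header fields are zeroed before AH computes its ICV (RFC 2402),
# so they are not protected; the remaining fixed-header fields are covered.
MUTABLE_FIELDS = ("tos", "flags", "frag_offset", "ttl", "checksum")
IMMUTABLE_FIELDS = ("version", "ihl", "total_length", "identification",
                    "protocol", "src", "dst")
# Assumption for this example: the fields an SA's traffic selectors pin down.
SA_SELECTOR_FIELDS = {"src", "dst", "protocol"}

SAMPLE_KEY = b"constructed-demo-key-not-a-real-sa-key"  # constructed
IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte header, options ignored


def parse_ipv4_header(raw):
    """Split the fixed 20-byte IPv4 header into named fields."""
    (ver_ihl, tos, total_length, identification, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack(IPV4_FMT, raw[:20])
    return {"version": ver_ihl >> 4, "ihl": ver_ihl & 0x0F, "tos": tos,
            "total_length": total_length, "identification": identification,
            "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": protocol, "checksum": checksum,
            "src": src, "dst": dst}


def build_ipv4_header(h):
    """Inverse of parse_ipv4_header."""
    return struct.pack(IPV4_FMT, (h["version"] << 4) | h["ihl"], h["tos"],
                       h["total_length"], h["identification"],
                       (h["flags"] << 13) | h["frag_offset"], h["ttl"],
                       h["protocol"], h["checksum"], h["src"], h["dst"])


def ipv4_checksum(header):
    """Standard one's-complement header checksum (checksum field taken as zero)."""
    s = sum(struct.unpack("!10H", header[:10] + b"\x00\x00" + header[12:]))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def make_sample_packet(payload=b"hello from 10.0.0.1"):
    """Constructed UDP-over-IPv4 packet from 10.0.0.1 to 10.0.0.2."""
    h = {"version": 4, "ihl": 5, "tos": 0, "total_length": 20 + len(payload),
         "identification": 0x1234, "flags": 2, "frag_offset": 0, "ttl": 64,
         "protocol": 17, "checksum": 0,
         "src": bytes([10, 0, 0, 1]), "dst": bytes([10, 0, 0, 2])}
    h["checksum"] = ipv4_checksum(build_ipv4_header(h))
    return build_ipv4_header(h) + payload


def decrement_ttl(raw_packet):
    """What every router does en route: TTL minus one, checksum recomputed."""
    h = parse_ipv4_header(raw_packet)
    h["ttl"] -= 1
    h["checksum"] = 0
    h["checksum"] = ipv4_checksum(build_ipv4_header(h))
    return build_ipv4_header(h) + raw_packet[20:]


def ah_icv(key, raw_packet):
    """AH-style ICV: header with mutable fields zeroed, followed by the payload."""
    h = parse_ipv4_header(raw_packet)
    for field in MUTABLE_FIELDS:
        h[field] = 0
    covered = build_ipv4_header(h) + raw_packet[20:]
    return hmac.new(key, covered, hashlib.sha256).digest()[:12]


def esp_icv(key, raw_packet):
    """ESP-style integrity check: the payload only, no IP header at all."""
    return hmac.new(key, raw_packet[20:], hashlib.sha256).digest()[:12]


def verify(icv_fn, key, raw_packet, icv):
    """Constant-time comparison of a received ICV against a recomputed one."""
    return hmac.compare_digest(icv_fn(key, raw_packet), icv)


def ah_fields_not_fixed_by_sa():
    """Header fields AH covers that the SA selectors do not already determine."""
    return sorted(set(IMMUTABLE_FIELDS) - SA_SELECTOR_FIELDS)


if __name__ == "__main__":
    pkt = make_sample_packet()
    icv = ah_icv(SAMPLE_KEY, pkt)
    print("AH survives a hop:", verify(ah_icv, SAMPLE_KEY, decrement_ttl(pkt), icv))
    print("AH covers beyond SA selectors:", ah_fields_not_fixed_by_sa())
```

Run as written, the AH ICV still verifies after a router has decremented the TTL, because the only fields that change en route are exactly the ones AH had to exclude. What AH covers beyond the ESP-style check is the immutable header: source, destination and protocol, which the SA selectors already fix, plus version, IHL, total length and identification, the fields the quoted analysis calls irrelevant for security purposes.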


