Re: eliminate AH -- unanimous

Ahh, and it's messages like these that remind me what a true joy it has
been to discuss things with the cryptologic community.  If you bring two
of them together, you get 4 opinions; 3 of them yield 9, etc.

In this case, we cannot even get a consistent conclusion from the same
person in different weeks....

> From: Steven Bellovin <smb@research.att.com>
> Ever since Bill posted his straw poll, I've been bothered by an
> intuitive feeling that AH and encryptionless ESP were not equivalent.

Reminding you that the straw poll was posted in response to your message:

    Date: Wed, 21 May 1997 11:51:34 -0400
    From: Steven Bellovin <smb@research.att.com>
    *) I don't like meaningless cryptography.  Almost two years
    ago, I posted a field-by-field analysis.  I showed that the IP
    header fields are either irrelevant for security purposes,
    changed en route (and hence not protectable), or are or should
    be bound to the security association, and hence need not be
    authenticated on a per-packet basis.
    The only reason we're discussing this again is because we realized that
    encryption almost always requires authentication.  This may not be
    sufficient reason to reopen the question, especially given the
    immediately preceding point.  But yes, in an ideal world I'd opt
    for a clean AH, aka encryptionless ESP.

> This afternoon, I finally realized the crucial difference:  AH can be
> deleted or ignored in a context-independent way.
> ... This can't be done with ESP
> without knowledge of the security association.
> Now -- whether or not we want to enable any of these abilities is a
> separate issue.  But the distinction does exist.

I conclude that the analysts have a wonderful time enumerating all the
possibilities, but are unable to make any final recommendations as to
the engineering choices we need to make.

I personally will have a very difficult time supporting any such future
recommendation, knowing that 9 days later the same analyst will come
back and undermine his own position.

So much for a consensus building exercise ... what a waste of time, in
this group.

Keep AH, and impose an outright ban on encryptionless ESP.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2
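
The distinction quoted above from Steven Bellovin (AH can be skipped without context, encryptionless ESP cannot), as an added example that is not part of the original message. It assumes the later RFC 4302 (AH) and RFC 4303 (ESP) header layouts; the function names, SPI value and packet bytes are constructed for illustration.

```python
import struct

TCP = 6  # IP protocol number carried in the Next Header field

def skip_ah(buf):
    """Step over an AH header using only fields inside the header itself."""
    if len(buf) < 12:
        raise ValueError("truncated AH header")
    next_header, payload_len = buf[0], buf[1]
    ah_len = (payload_len + 2) * 4  # Payload Len is in 32-bit words, minus 2
    if ah_len < 12 or ah_len > len(buf):
        raise ValueError("bad AH Payload Len")
    return next_header, buf[ah_len:]

def esp_null_inner(buf, icv_len):
    """Find the payload of encryptionless ESP. icv_len is NOT in the packet:
    it is a property of the security association looked up by SPI."""
    if len(buf) < 8 + 2 + icv_len:
        raise ValueError("truncated ESP packet")
    body = buf[8:len(buf) - icv_len]  # after SPI + sequence, before the ICV
    pad_len, next_header = body[-2], body[-1]  # trailer sits just before ICV
    if pad_len > len(body) - 2:
        raise ValueError("bad ESP pad length")
    return next_header, body[:len(body) - 2 - pad_len]

# Constructed sample data (assumptions, not captured traffic).
INNER = bytes(range(20))   # stands in for a 20-byte TCP header
ICV = b"\xaa" * 12         # placeholder 96-bit integrity value, not a real MAC
SPI_SEQ = struct.pack("!II", 0x1000, 1)

# AH: Next Header, Payload Len (24 bytes / 4 - 2 = 4), reserved, SPI, seq, ICV
AH_PKT = bytes([TCP, 4, 0, 0]) + SPI_SEQ + ICV + INNER
# ESP-null: SPI, seq, payload, padding (1, 2), Pad Length, Next Header, ICV
ESP_PKT = SPI_SEQ + INNER + bytes([1, 2, 2, TCP]) + ICV

if __name__ == "__main__":
    # A middlebox with no SA state can still find the inner protocol behind AH.
    print("AH :", skip_ah(AH_PKT)[0])
    # With the SA's ICV length the ESP trailer is found...
    print("ESP, SA known   :", esp_null_inner(ESP_PKT, 12)[0])
    # ...but a guessed length reads payload bytes as the trailer.
    print("ESP, wrong guess:", esp_null_inner(ESP_PKT, 16)[0])
```
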