[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: eliminate AH -- unanimous

One could also make the argument that we keep bringing back 
issues that we've discussed over and over like eliminating AH.
This isn't the first time this has come up. We still have it,
now all of a sudden, it is unanimous to get rid of it..  What?! 

I think we're past the point where anyone really cares if you have a 
conforming implementation anymore.  If you don't like AH, don't 
negotiate it.  As for a lot of us though, I think you'll see AH being 
negotiated by many implementations, regardless of the outcome
of this discussion.  

Why not a straw poll on how many people think it is too late to be 
making significant changes like this?

I once flamed Dan McDonald for complaining about nit picking (I apologize Dan,
you didn't deserve that)..   Now, I understand his frustration. 


-----Original Message-----
From:	William Allen Simpson [SMTP:wsimpson@greendragon.com]
Sent:	Tuesday, June 03, 1997 4:12 AM
To:	ipsec@tis.com
Subject:	Re: eliminate AH -- unanimous

Ahh, and it's messages like these that remind me what a true joy it has
been to discuss things with the cryptologic community.  If you bring two
of them together, you get 4 opinions; 3 of them yield 9, etc.

In this case, we cannot even get a consistent conclusion from the same
person in different weeks....

> From: Steven Bellovin <smb@research.att.com>
> Ever since Bill posted his straw poll, I've been bothered by an
> intuitive feeling that AH and encryptionless ESP were not equivalent.

Reminding you that the straw poll was posted in response to your message:

    Date: Wed, 21 May 1997 11:51:34 -0400
    From: Steven Bellovin <smb@research.att.com>
    *) I don't like meaningless cryptography.  Almost two years
    ago, I posted a field-by-field analysis.  I showed that the IP
    header fields are either irrelevant for security purposes,
    changed en route (and hence not protectable), or are or should
    be bound to the security association, and hence need not be
    authenticated on a per-packet basis.
    The only reason we're discussing this again is because we realized that
    encryption almost always requires authentication.  This may not be
    sufficient reason to reopen the question, especially given the
    immediately preceeding point.  But yes, in an ideal world I'd opt
    for a clean AH, aka encryptionless ESP.

> This afternoon, I finally realized the crucial difference:  AH can be
> deleted or ignored in a context-independent way.
> ... This can't be done with ESP
> without knowledge of the security association.
> Now -- whether or not we want to enable any of these abilities is a
> separate issue.  But the distinction does exist.
I conclude that the analysts have a wonderful time enumerating all the
possibilities, but are unable to make any final recommendations as to
the engineering choices we need to make.

I personally will have a very difficult time supporting any such future
recommendation, knowing that 9 days later the same analyst will come
back and undermine his own position.

So much for a consensus building exercise ... what a waste of time, in
this group.

Keep AH, and impose an outright ban on encryptionless ESP.

    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2