[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC WORKING GROUP LAST CALL



I gave transport mode as an example. Same holds for
tunnel mode.

Correct me if I am wrong, but if I want to protect
IP header (from adversary), and want integrity
and confidentiality (which is reasonable, I would think),
I do not have a choice but to use AH+ESP. This means
that I need two authentication digests, one for AH, and 
other for ESP. Since authentication digest for AH covers
everything that authentication digest for ESP covers, and more,
I am wasting resources.

It is my understanding that if I am doing AH+ESP, first I will encrypt
the IP payload, then compute the ESP authentication digest over
the encrypted payload, and then add AH header and compute the
authentication digest for entire message (including parts of IP header,
and encrypted payload of the original message). So, I cannot figure out
any value in computing ESP's authentication digest.

Baiju

> -----Original Message-----
> From:	Theodore Y. Ts'o [SMTP:tytso@MIT.EDU]
> Sent:	Wednesday, February 25, 1998 9:31 AM
> To:	Patel, Baiju V
> Cc:	'ipsec'
> Subject:	Re: IPSEC WORKING GROUP LAST CALL
> 
>    From: "Patel, Baiju V" <baiju.v.patel@intel.com>
>    Date: Tue, 24 Feb 1998 16:01:16 -0800
> 
>    I have a concern with AH+ESP in transport mode. 
>    Based on the requirements of ESP, ESP must negotiate
>    an integrity check mechanism. The MD5-HMAC or SHA-1 HMAC
>    MUST be supported for ESP. Similarly, the same integrity
>    algorithms are used by AH. 
> 
>    Therefore, it looks like I have to compute authentication data
>    twice using possibly same algorithm over mostly same data.
>    Something tells me that in this combination, I should be able
>    to negotiate NULL authentication algorithm for ESP.
> 
> Why do you want to use both AH and ESP in transport mode in the first
> place?  What's the desired functionality and application that you're
> trying to accomplish?
> 
> 						- Ted




Follow-Ups: