
RE: IPSEC WORKING GROUP LAST CALL



At 04:49 PM 2/25/98 -0800, Patel, Baiju V wrote:
>I gave transport mode as an example. Same holds for
>tunnel mode.
>
>Correct me if I am wrong, but if I want to protect
>the IP header (from an adversary), and want integrity
>and confidentiality (which is reasonable, I would think),
>I do not have a choice but to use AH+ESP. This means
>that I need two authentication digests, one for AH, and
>the other for ESP. Since authentication digest for AH covers
>everything that authentication digest for ESP covers, and more,
>I am wasting resources.
>
>It is my understanding that if I am doing AH+ESP, first I will encrypt
>the IP payload, then compute the ESP authentication digest over
>the encrypted payload, and then add AH header and compute the
>authentication digest for entire message (including parts of IP header,
>and encrypted payload of the original message). So, I cannot figure out
>any value in computing ESP's authentication digest.

No.  You could just do ESP in tunnel mode, in which case the inner IP header
would be protected.  The reason you need to have an authentication field in
ESP is that authentication is mandatory under many circumstances, just to
protect confidentiality.  See
http://www.research.att.com/~smb/papers/badesp.ps
(or .pdf) for a lot more discussion of that.  Given that authentication is
basically mandatory, there was no reason to have the overhead of an AH header
every time, too.

A different question is whether or not ESP should have included the IP
header fields in its authentication scope.  Frankly, that's the ugliest
part of AH; I'm glad it wasn't added to ESP. As I've argued in the past,
protection of the IP header is generally irrelevant, but that's neither
here nor there at this point.  That's an architectural decision that was
settled long ago; we're not changing it at this point in the process, I hope.
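
The authentication scopes discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of what the ESP ICV and the AH ICV each cover in transport and tunnel mode. The 10-byte IP header, the omitted cipher, the keys, addresses, SPIs and all function names are assumptions made for illustration; real AH also covers its own header fields with the ICV zeroed.

```python
import hashlib, hmac, struct
ESP_KEY, AH_KEY = b"constructed-esp-key", b"constructed-ah-key"  # constructed keys

def icv(key, data):
    # HMAC-SHA1 truncated to 96 bits, as in the HMAC-SHA-1-96 transform
    return hmac.new(key, data, hashlib.sha1).digest()[:12]

def ip_header(src, dst, proto, ttl=64):
    # Toy 10-byte header (TTL, protocol, src, dst); not a real IPv4 layout
    return struct.pack("!BB4s4s", ttl, proto, bytes(src), bytes(dst))

def immutable(hdr):
    # AH zeroes fields that change in transit (here only TTL) before hashing
    return b"\x00" + hdr[1:]

def esp_pack(spi, seq, body):
    pkt = struct.pack("!II", spi, seq) + body
    return pkt + icv(ESP_KEY, pkt)  # scope: ESP header + ciphertext, no IP header

def esp_ok(pkt):
    return hmac.compare_digest(icv(ESP_KEY, pkt[:-12]), pkt[-12:])

def ah_pack(hdr, spi, seq, upper):
    fixed = struct.pack("!II", spi, seq)
    return fixed + icv(AH_KEY, immutable(hdr) + fixed + upper)

def ah_ok(hdr, ah, upper):
    return hmac.compare_digest(icv(AH_KEY, immutable(hdr) + ah[:8] + upper), ah[8:])

def accept(hdr, ah, esp):
    return (ah is None or ah_ok(hdr, ah, esp)) and esp_ok(esp)

def demo():
    a, b, x = [10, 0, 0, 1], [10, 0, 0, 2], [10, 9, 9, 9]  # constructed addresses
    ct = b"opaque-ciphertext"  # constructed stand-in for the encrypted payload
    esp = esp_pack(0x1001, 1, ct)
    ah = ah_pack(ip_header(a, b, 51), 0x2001, 1, esp)
    flipped = esp[:8] + bytes([esp[8] ^ 1]) + esp[9:]
    # Tunnel mode: inner header rides inside the ESP body (cipher omitted here)
    tun = esp_pack(0x1002, 1, ip_header(a, b, 6) + ct)
    tun_bad = tun[:8] + ip_header(x, b, 6) + tun[18:]
    return {
        "esp_transport_src_rewritten": accept(ip_header(x, b, 50), None, esp),
        "ah_esp_src_rewritten": accept(ip_header(x, b, 51), ah, esp),
        "ah_esp_ttl_decremented": accept(ip_header(a, b, 51, ttl=63), ah, esp),
        "esp_ciphertext_flipped": accept(ip_header(a, b, 50), None, flipped),
        "ah_alone_catches_flip": not ah_ok(ip_header(a, b, 51), ah, flipped),
        "esp_tunnel_inner_src_rewritten": esp_ok(tun_bad),
    }
```

Each value returned by `demo()` is whether the receiver accepts the packet: transport-mode ESP accepts a rewritten outer source address, AH+ESP rejects it but tolerates a TTL change, and tunnel-mode ESP rejects a change to the inner header.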


