
No Subject



	 Fri, 27 Feb 1998 14:48:19 -0500 (EST)
	 Message-ID: <A1B6CB375930D11188D100A0C95A36BD011477A2@FMSMSX31>
	 From: "Patel, Baiju V" <baiju.v.patel@intel.com>
	 To: "'Stephen Kent'" <kent@bbn.com>, "Patel, Baiju V" <baiju.v.patel@intel.com>
	 Cc: "'ipsec'" <ipsec@tis.com>
	 Subject: RE: IPSEC WORKING GROUP LAST CALL
	 Date: Fri, 27 Feb 1998 11:12:12 -0800
	 MIME-Version: 1.0
	 X-Mailer: Internet Mail Service (5.5.1960.3)
	 Sender: owner-ipsec@portal.ex.tis.com
	 Precedence: bulk
	 
	 Steve Kent writes:
	 	If you choose to employ BOTH AH and ESP, AND if you elect to use
	 	authentication with ESP (which is an option, not a requirement), then you
	 	will need to perform two HMAC computations, since the two ICVs cover
	 	different portions of the packet.  However, a primary reason for not
	 	requiring authentication with ESP in all cases is precisely this example.
	 	Yes, you should be able to negotiate a null authentication algorithm for
	 	use with ESP.
	 
	 Steven M. Bellovin [smb@research.att.com] writes:
	 
	 No.  You could just do ESP in tunnel mode, in which case the inner IP header
	 would be protected.  The reason you need to have an authentication field in
	 ESP is that authentication is mandatory under many circumstances, just to
	 protect confidentiality.
	 
	 
	 My comments: 
	 
	 If I read the above statements carefully, it seems that Steve Bellovin is
	 saying that authentication is mandatory for ESP, which is different from
	 what Steve Kent says.

Let me be very precise here.  In most cases, you will want to use
authentication with ESP -- so many that the authentication *field* is a
standard part of the ESP packet format.  Use is optional; you could
negotiate not using it.  The same applies to the anti-replay counter.
But both fields are always present.  The paper of mine that I cited
earlier explains why you generally should use these services.

You can use AH+ESP to protect the IP header, or you could use ESP in
tunnel mode, even between two end hosts.  While some of us do indeed
feel that we should not have two such similar options, there was
no consensus on eliminating AH+ESP, or on eliminating AH altogether,
in favor of ESP with a null encryption transform.

AH with a null algorithm is useless, and hence is not defined.  What
would its purpose be?

There is one other use for AH+ESP -- when the AH security association
is to a different endpoint -- say, a firewall -- than the ESP association.
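
The two points argued in this exchange, that the AH ICV and the ESP ICV cover different portions of the packet (so AH+ESP costs two HMAC computations), and that ESP in tunnel mode covers the inner IP header without AH, can be checked by building the packets. The following is an added example, not code from this thread or from any IPsec implementation. It assumes HMAC-SHA1-96 as the authenticator, the NULL encryption transform for ESP so the structure stays visible, the AH and ESP packet formats as later published in RFC 2402, RFC 2406 and RFC 2410, and constructed addresses, SPIs and keys. When no authentication key is negotiated the example simply emits no ICV bytes for ESP.

```python
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

IPPROTO_IPIP = 4        # ESP "next header" value for an IP-in-IP (tunnel mode) payload
IPPROTO_UDP = 17
IPPROTO_ESP = 50
IPPROTO_AH = 51
ICV_LEN = 12            # HMAC-SHA1-96: HMAC-SHA1 truncated to its leading 96 bits
AH_LEN = 12 + ICV_LEN   # fixed AH header (12 bytes) plus the ICV


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_checksum(hdr: bytes) -> int:
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    # Version 4, IHL 5 (no options), TOS 0, DF set, a fixed Identification (assumption).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def ah_immutable_view(ip_hdr: bytes) -> bytes:
    # AH zeroes the mutable IPv4 fields before computing its ICV (RFC 2402 3.3.3.1):
    # TOS, flags/fragment offset, TTL, header checksum. Addresses stay covered.
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def esp_packet(spi: int, seq: int, payload: bytes, next_header: int, auth_key=None) -> bytes:
    # ESP with NULL encryption (RFC 2410): no IV, payload in the clear. Trailer is
    # padding, pad length, next header; payload+trailer is 4-byte aligned. The ESP ICV
    # covers SPI, sequence number, payload and trailer: nothing of the outer IP header.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))          # default monotonic padding, RFC 2406 2.4
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    if auth_key is None:
        return body                                 # null authentication: no ICV on the wire
    return body + hmac_sha1_96(auth_key, body)


def esp_icv_ok(esp: bytes, auth_key: bytes) -> bool:
    body, icv = esp[:-ICV_LEN], esp[-ICV_LEN:]
    return hmac.compare_digest(icv, hmac_sha1_96(auth_key, body))


def ah_packet(ip_hdr: bytes, spi: int, seq: int, next_header: int, rest: bytes, auth_key: bytes) -> bytes:
    # AH transport mode (RFC 2402). Payload Len = AH length in 32-bit words minus 2.
    # The ICV covers the immutable view of the IP header, the AH header with its own
    # ICV field zeroed, and everything after it (here the whole ESP packet).
    ah_fixed = struct.pack("!BBHII", next_header, AH_LEN // 4 - 2, 0, spi, seq)
    covered = ah_immutable_view(ip_hdr) + ah_fixed + bytes(ICV_LEN) + rest
    return ah_fixed + hmac_sha1_96(auth_key, covered) + rest


def ah_icv_ok(pkt: bytes, auth_key: bytes) -> bool:
    ip_hdr, ah = pkt[:20], pkt[20:]
    ah_fixed, icv, rest = ah[:12], ah[12:AH_LEN], ah[AH_LEN:]
    covered = ah_immutable_view(ip_hdr) + ah_fixed + bytes(ICV_LEN) + rest
    return hmac.compare_digest(icv, hmac_sha1_96(auth_key, covered))


def build_ah_esp(src: str, dst: str, payload: bytes, ah_key: bytes, esp_key: bytes) -> bytes:
    # IP | AH | ESP | payload: two SAs, two keys, two HMAC computations.
    esp = esp_packet(0x1000, 1, payload, IPPROTO_UDP, esp_key)
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, AH_LEN + len(esp))
    return ip_hdr + ah_packet(ip_hdr, 0x2000, 1, IPPROTO_ESP, esp, ah_key)


def build_esp_tunnel(inner_src: str, inner_dst: str, payload: bytes, esp_key: bytes) -> bytes:
    # ESP tunnel mode: the whole inner IP packet is the ESP payload, so the single
    # ESP ICV covers the inner header; only an outer header would be uncovered.
    inner = ipv4_header(inner_src, inner_dst, IPPROTO_UDP, len(payload)) + payload
    return esp_packet(0x3000, 1, inner, IPPROTO_IPIP, esp_key)


def flip_byte(data: bytes, offset: int) -> bytes:
    b = bytearray(data)
    b[offset] ^= 0x01
    return bytes(b)


def demo() -> dict:
    # Constructed keys, addresses and payload; returns what each ICV check says.
    ah_key, esp_key = b"ah-key-constructed", b"esp-key-constructed"
    pkt = build_ah_esp("10.0.0.1", "10.0.0.2", b"hello", ah_key, esp_key)
    esp_off = 20 + AH_LEN
    outer_dst_tampered = flip_byte(pkt, 19)           # last byte of outer destination address
    ttl_tampered = flip_byte(pkt, 8)                  # TTL is mutable: AH must still verify
    tunnel = build_esp_tunnel("192.168.1.1", "192.168.1.2", b"hello", esp_key)
    inner_dst_tampered = flip_byte(tunnel, 8 + 19)    # inner header starts after SPI+seq
    return {
        "ah_ok": ah_icv_ok(pkt, ah_key),
        "esp_ok": esp_icv_ok(pkt[esp_off:], esp_key),
        "outer_dst_tamper_ah_ok": ah_icv_ok(outer_dst_tampered, ah_key),
        "outer_dst_tamper_esp_ok": esp_icv_ok(outer_dst_tampered[esp_off:], esp_key),
        "ttl_tamper_ah_ok": ah_icv_ok(ttl_tampered, ah_key),
        "null_auth_esp_len": len(esp_packet(0x1000, 1, b"hello", IPPROTO_UDP)),
        "tunnel_ok": esp_icv_ok(tunnel, esp_key),
        "inner_dst_tamper_esp_ok": esp_icv_ok(inner_dst_tampered, esp_key),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Flipping a bit in the outer destination address breaks the AH check but leaves the ESP check intact, which is exactly why ESP transport mode alone does not protect the IP header; flipping the TTL breaks neither, since AH excludes mutable fields. In the tunnel-mode packet the same address tamper, now on the inner header, is caught by the ESP ICV alone. With no authentication key the ESP packet is 16 bytes instead of 28: the 12-byte ICV is simply absent.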