Fri, 27 Feb 1998 14:48:19 -0500 (EST)
Message-ID: <A1B6CB375930D11188D100A0C95A36BD011477A2@FMSMSX31>
From: "Patel, Baiju V" <baiju.v.patel@intel.com>
To: "'Stephen Kent'" <kent@bbn.com>, "Patel, Baiju V" <baiju.v.patel@intel.com>
Cc: "'ipsec'" <ipsec@tis.com>
Subject: RE: IPSEC WORKING GROUP LAST CALL
Date: Fri, 27 Feb 1998 11:12:12 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1960.3)
Sender: owner-ipsec@portal.ex.tis.com
Precedence: bulk
Steve Kent writes:

If you choose to employ BOTH AH and ESP, AND if you elect to use authentication with ESP (which is an option, not a requirement), then you will need to perform two HMAC computations, since the two ICVs cover different portions of the packet. However, a primary reason for not requiring authentication with ESP in all cases is precisely this example.

Yes, you should be able to negotiate a null authentication algorithm for use with ESP.
Steven M. Bellovin [smb@research.att.com] writes:

No. You could just do ESP in tunnel mode, in which case the inner IP header would be protected. The reason you need to have an authentication field in ESP is that authentication is mandatory under many circumstances, just to protect confidentiality.
My comments:

If I read the above statements carefully, it seems that Steve Bellovin is saying that authentication is mandatory for ESP, which is different from what Steve Kent says.
Let me be very precise here. In most cases, you will want to use
authentication with ESP -- so many that the authentication *field* is a
standard part of the ESP packet format. Use is optional; you could
negotiate not using it. The same applies to the anti-replay counter.
But both fields are always present. The paper of mine that I cited
earlier explains why you generally should use these services.
You can use AH+ESP to protect the IP header, or you could use ESP in
tunnel mode, even between two end hosts. While some of us do indeed
feel that we should not have two such similar options, there was
no consensus on eliminating AH+ESP, or on eliminating AH altogether,
in favor of ESP with a null encryption transform.
AH with a null algorithm is useless, and hence is not defined. What
would its purpose be?
There is one other use for AH+ESP -- when the AH security association
is to a different endpoint -- say, a firewall -- than the ESP association.
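The point the thread keeps returning to is which bytes each integrity check value (ICV) covers: AH authenticates the immutable parts of the IP header plus everything behind it, ESP's optional ICV covers only the span from the SPI to the end of the ESP trailer, so ESP in transport mode leaves the outer IP header unauthenticated while AH+ESP or ESP in tunnel mode do not, and a negotiated null authentication algorithm simply drops the ICV. The following is an added example written for this page, not code from the IPsec working group or from any implementation. It models the ICV scopes of RFC 2402 (AH) and RFC 2406 (ESP) with HMAC-SHA-1-96, uses null encryption so the ESP payload stays readable, and assumes IPv4 without options with the header checksum left at zero. Keys, addresses, SPIs and the TCP bytes are constructed for the demonstration.

```python
"""Which bytes the AH and ESP integrity check values (ICVs) cover.

Added example for this thread, not IPsec working group code. It follows
RFC 2402 (AH) and RFC 2406 (ESP): AH authenticates the immutable parts of
the IP header plus everything after it; ESP authenticates only from the
SPI to the end of the ESP trailer, so the IP header in front is outside it.
Assumptions: IPv4 without options, checksum left zero, null encryption so
the payload stays readable, HMAC-SHA-1-96 as the authenticator.
"""
import hashlib
import hmac
import struct

# Constructed keys and addresses; a real SA gets these from IKE.
KEY_AH = b"\x11" * 20
KEY_ESP = b"\x22" * 20
SRC, DST, ALT = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x09"
TCP = b"\x00\x50\x1f\x90" + b"hello"          # constructed upper-layer bytes
PROTO_ESP, PROTO_AH, PROTO_TCP, PROTO_IPIP = 50, 51, 6, 4


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA-1 truncated to 96 bits, the mandatory AH/ESP authenticator (RFC 2404)."""
    return hmac.new(key, data, hashlib.sha1).digest()[:12]


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int,
                ttl: int = 64, tos: int = 0, flags: int = 0x2) -> bytes:
    """20-byte IPv4 header (no options). Checksum stays zero: AH zeroes it anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0,
                       flags << 13, ttl, proto, 0, src, dst)


def ah_scope(ip_hdr: bytes) -> bytes:
    """IPv4 header as AH hashes it: the mutable fields of RFC 2402 3.3.3.1
    (TOS, flags, TTL, checksum) are zeroed. Addresses, protocol, length,
    ID and fragment offset stay, so rerouting the packet changes the ICV."""
    h = bytearray(ip_hdr)
    h[1] = 0                                                          # TOS
    h[6:8] = struct.pack("!H", struct.unpack("!H", h[6:8])[0] & 0x1FFF)  # drop flags
    h[8] = 0                                                          # TTL
    h[10:12] = b"\x00\x00"                                            # checksum
    return bytes(h)


AH_LEN = 24  # next hdr, payload len, reserved, SPI, seq, 96-bit ICV


def ah_packet(key, src, dst, upper_proto, upper, spi, seq, ttl=64) -> bytes:
    """Transport-mode AH. ICV = HMAC(immutable IP header || AH header with
    the ICV field zeroed || upper-layer data)."""
    ip_hdr = ipv4_header(src, dst, PROTO_AH, AH_LEN + len(upper), ttl=ttl)
    ah_hdr = struct.pack("!BBHII", upper_proto, AH_LEN // 4 - 2, 0, spi, seq)
    icv = hmac_sha1_96(key, ah_scope(ip_hdr) + ah_hdr + b"\x00" * 12 + upper)
    return ip_hdr + ah_hdr + icv + upper


def ah_icv(pkt: bytes) -> bytes:
    return pkt[32:44]        # 20-byte IP header + 12 bytes of AH header


def esp_packet(key, src, dst, payload, next_hdr, spi, seq, auth=True) -> bytes:
    """ESP with null encryption. If auth is True the ICV covers SPI, sequence
    number, payload and trailer; the IP header in front is never covered.
    auth=False models a negotiated null authentication algorithm: no ICV."""
    pad_len = (-(len(payload) + 2)) % 4                  # align trailer to 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    body = struct.pack("!II", spi, seq) + payload + trailer
    icv = hmac_sha1_96(key, body) if auth else b""
    return ipv4_header(src, dst, PROTO_ESP, len(body) + len(icv)) + body + icv


def esp_icv(pkt: bytes) -> bytes:
    return pkt[-12:]


# The behaviours the thread argues about, each as a check that returns True.

def ah_covers_dst_but_not_ttl() -> bool:
    base = ah_packet(KEY_AH, SRC, DST, PROTO_TCP, TCP, 0x100, 1)
    rerouted = ah_packet(KEY_AH, SRC, ALT, PROTO_TCP, TCP, 0x100, 1)
    hop = ah_packet(KEY_AH, SRC, DST, PROTO_TCP, TCP, 0x100, 1, ttl=63)
    return ah_icv(base) != ah_icv(rerouted) and ah_icv(base) == ah_icv(hop)


def esp_transport_leaves_ip_header_unprotected() -> bool:
    p1 = esp_packet(KEY_ESP, SRC, DST, TCP, PROTO_TCP, 0x200, 1)
    p2 = esp_packet(KEY_ESP, SRC, ALT, TCP, PROTO_TCP, 0x200, 1)
    return esp_icv(p1) == esp_icv(p2)   # same ICV despite a different destination


def esp_tunnel_protects_inner_header() -> bool:
    inner1 = ipv4_header(SRC, DST, PROTO_TCP, len(TCP)) + TCP
    inner2 = ipv4_header(SRC, ALT, PROTO_TCP, len(TCP)) + TCP
    p1 = esp_packet(KEY_ESP, SRC, DST, inner1, PROTO_IPIP, 0x300, 1)
    p2 = esp_packet(KEY_ESP, SRC, DST, inner2, PROTO_IPIP, 0x300, 1)
    return esp_icv(p1) != esp_icv(p2)   # inner header is inside the ICV scope


def esp_null_auth_drops_icv() -> int:
    """Bytes saved by negotiating null authentication (the 96-bit ICV)."""
    with_auth = esp_packet(KEY_ESP, SRC, DST, TCP, PROTO_TCP, 0x200, 1)
    no_auth = esp_packet(KEY_ESP, SRC, DST, TCP, PROTO_TCP, 0x200, 1, auth=False)
    return len(with_auth) - len(no_auth)


if __name__ == "__main__":
    print(ah_covers_dst_but_not_ttl(), esp_transport_leaves_ip_header_unprotected(),
          esp_tunnel_protects_inner_header(), esp_null_auth_drops_icv())
```

The two HMACs in the AH+ESP case are over different byte ranges (the AH one starts at the zeroed IP header, the ESP one at the SPI), which is the cost Kent describes and the reason a null ESP authenticator is negotiable when AH already covers the packet. The null-authentication variant above is only safe in that combination; ESP with neither AH nor its own ICV is exactly the case Bellovin's paper argues against.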