
RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard



At 09:04 PM 3/26/98 -0800, Peter Ford wrote:

Peter, thank you for your comments.

>comment 1)  Many people who are in the middle of implementing IPSEC AH are
>discovering the ugliness of this thing. Many are wondering in the privacy of
>their own development shops why we don't simply eliminate this AH thing and
>build the equivalent functionality into a set of ESP transforms.   This
>would result in a cleaner set of implementations and probably smaller,
>cheaper, better silicon and code.  In my own casual survey I have yet to run
>into anyone who feels strongly about keeping and/or using AH.

This is an interesting item.  The workgroup has gone back and forth on it.
There are some that feel that the functionality of AH, authenticating the
IP header, is very valuable; others feel it brings too little value and
is a protocol violation.  So in the end, we have two ways to only
authenticate.  BTW, this does present a marketing problem where use of ESP
does not assure privacy (see ID on NULL-ESP ;).

There is one strong argument for AH:  It is a smaller header than ESP with
NULL-ESP and some slow connections will value that.  This might also be
valuable for embedded systems, like assembly line robotics that only need
packet authentication (you don't want just anyone programming those
things), but you don't need privacy (ladder logic is rarely proprietary).

Another strong argument for AH was export.  The assumption is that AH will
always be exportable.  Getting an export license for an ESP implementation
that only does NULL-ESP might be a little hard.

It might be interesting to have discussions at Chicago if AH should remain
a MUST, but we need some field experience for that decision.

>comment 3)  Calling something "The Internet Key Exchange" seems a little out
>of place given the wild milieu of key exchanges floating around in IETF
>working groups, let alone on the Internet at large.

You mean you don't like IKE :)


Robert Moskowitz
ICSA
Security Interest EMail: rgm-sec@htt-consult.com
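Worked illustration of the point Robert makes above about AH authenticating the IP header, as an added example that is not part of the thread or of any IETF implementation: it builds the byte strings an AH transport-mode ICV and an ESP-NULL ICV each cover and shows that AH survives a hop's TTL decrement but detects a changed source address, while ESP with the NULL cipher never looks at the IP header at all. The key, addresses and payload are constructed sample values, and HMAC-MD5-96 is used only because it was a mandatory authenticator of the 1998 drafts.

```python
import hashlib
import hmac
import struct

# Constructed sample values for this demonstration, not from the thread.
KEY = b"constructed-sample-hmac-key"
PAYLOAD = b"SAMPLE-UDP-DATAGRAM"   # 19 bytes standing in for the upper-layer data

def ipv4_header(src, dst, ttl=64, total_len=0):
    """20-byte IPv4 header, protocol 51 (AH), no options; checksum left zero (mutable anyway)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, 51, 0, src, dst)

def zero_mutable_fields(ip_hdr):
    """AH (RFC 2402) zeroes fields routers may rewrite before computing the ICV: TOS,
    flags/fragment offset, TTL, header checksum. Addresses and the rest stay covered."""
    b = bytearray(ip_hdr)
    b[1] = 0                  # TOS
    b[6:8] = b"\x00\x00"      # flags + fragment offset
    b[8] = 0                  # TTL
    b[10:12] = b"\x00\x00"    # header checksum
    return bytes(b)

def ah_auth_data(ip_hdr, payload, spi=0x100, seq=1, next_hdr=17):
    """Bytes an AH transport-mode ICV covers: zeroed IP header + AH header (ICV field zero) + payload.
    AH Payload Len = AH length in 32-bit words minus 2 = 4 for this 24-byte AH (12 fixed + 12 ICV)."""
    ah = struct.pack("!BBHII", next_hdr, 4, 0, spi, seq) + b"\x00" * 12
    return zero_mutable_fields(ip_hdr) + ah + payload

def esp_null_auth_data(ip_hdr, payload, spi=0x200, seq=1, next_hdr=17):
    """Bytes an ESP ICV covers with the NULL cipher: SPI, seq, payload, padding, pad len, next header.
    ip_hdr is accepted only to make the contrast explicit: ESP never authenticates the IP header."""
    pad_len = (-(len(payload) + 2)) % 4        # align pad-len/next-hdr to a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))     # RFC 2406 default padding 1, 2, 3, ...
    return struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_hdr])

def icv(key, data):
    """HMAC-MD5-96 (a mandatory authenticator of the 1998 drafts): leftmost 96 bits of HMAC-MD5."""
    return hmac.new(key, data, hashlib.md5).digest()[:12]

if __name__ == "__main__":
    total = 20 + 24 + len(PAYLOAD)
    sent = ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", total_len=total)
    after_hop = ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", ttl=63, total_len=total)
    src_changed = ipv4_header(b"\x0a\x00\x00\x09", b"\x0a\x00\x00\x02", total_len=total)
    ah = [icv(KEY, ah_auth_data(h, PAYLOAD)) for h in (sent, after_hop, src_changed)]
    esp = [icv(KEY, esp_null_auth_data(h, PAYLOAD)) for h in (sent, src_changed)]
    print("AH ICV unchanged by TTL decrement:", ah[0] == ah[1])       # True
    print("AH ICV changed by new source address:", ah[0] != ah[2])    # True
    print("ESP-NULL ICV blind to source address:", esp[0] == esp[1])  # True
```

The receiver of an AH packet must apply the same zeroing before verifying, which is exactly the "protocol violation" objection: AH's correctness depends on knowing which header fields intermediate routers are allowed to touch.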

