
Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard




--- On Sun, 29 Mar 1998 09:24:41 -0500  Bronislav Kavsan <bkavsan@ire-ma.com> wrote:

> Neither AH nor NULL-ESP provide data confidentiality - why is the former protocol
> less difficult to export than the latter?

	Because AH has no specified mode where it is capable of providing 
confidentiality.  In practice, it is easier to make the case for export of AH 
than for any form of ESP.  One could argue that the clue level of bureaucrats 
in various parts of various governments (hint: this isn't a US-only issue) 
is too low.  

	However, I'll also note that the provided security properties of AH are 
different than the provided security properties of ESP with NULL encryption 
-- this difference is particularly large in the IPv6 world where optional headers 
were designed with security in mind.  It's fascinating to watch how IPv4-only
the discussions about AH have been over the past several months.  At one time,
people speculated that ESP/AH would only be implemented for IPv6 in practice.
 
> > It might be interesting to have discussions at Chicago if AH should remain
> > a MUST, but we need some field experience for that decision.
> 
> Question: if AH becomes non-MUST - does it mean that SA Bundles (both Transport
> Adjacency and Iterative Tunneling) will also become non-MUST? This will result in
> significant simplification of IPsec compliant implementations.

	Note that for IPv4, both ESP and AH are optional -- no one has to implement 
either AH or ESP or ISAKMP/IKE.

	For IPv6, the IETF community made a decision after much acrimony that 
IPsec security was must implement.  AH provides security for optional IPv6 headers 
that ESP with NULL encryption cannot provide.

Ran
rja@inet.org
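Added illustration, not part of the thread: a small Python sketch of why an AH-style integrity check covers IPv6 extension headers while an ESP-with-NULL-encryption check does not. The key, packet bytes and mutable-field handling are constructed and simplified from the AH/ESP specs (only traffic class, flow label and hop limit are treated as mutable; options flagged as changeable en route are ignored).

```python
import hmac, hashlib

KEY = b"constructed-demo-key"  # constructed; a real SA key comes from IKE

# Constructed IPv6 packet pieces (not real traffic):
# 40-byte base header: version 6, traffic class 0, flow label 0, payload
# length, next header 0 (hop-by-hop), hop limit 64, then src/dst addresses.
IPV6_HDR = (bytes([0x60, 0, 0, 0]) + (8 + 12).to_bytes(2, "big")
            + bytes([0, 64]) + bytes(range(1, 17)) + bytes(range(17, 33)))
# 8-byte hop-by-hop header: next header 59 (none), hdr ext len 0, one TLV
HBH_EXT = bytes([59, 0, 1, 4, 0xAA, 0xBB, 0xCC, 0xDD])
PAYLOAD = b"demo-payload"

def icv(covered: bytes) -> bytes:
    """HMAC-SHA1-96 over whatever bytes the chosen mode covers."""
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]

def ah_covered(hdr, ext, payload):
    """AH: base header with mutable fields zeroed, every extension header,
    and the payload (the AH header itself is left out of this sketch)."""
    h = bytearray(hdr)
    h[0] &= 0xF0                       # traffic class high nibble -> 0
    h[1] = h[2] = h[3] = 0             # traffic class low nibble, flow label
    h[7] = 0                           # hop limit -> 0
    return bytes(h) + ext + payload

def esp_null_covered(hdr, ext, payload):
    """ESP with NULL encryption: only the ESP-encapsulated payload; the
    outer IPv6 header and preceding extension headers are not covered."""
    return payload

def detected(coverage, tamper):
    """True if the receiver's ICV check catches the change made by `tamper`,
    a function returning a modified (hdr, ext, payload) triple."""
    sent = icv(coverage(IPV6_HDR, HBH_EXT, PAYLOAD))
    return icv(coverage(*tamper())) != sent

def flip_option_byte():                # tamper with a hop-by-hop option
    ext = bytearray(HBH_EXT); ext[4] ^= 0xFF
    return IPV6_HDR, bytes(ext), PAYLOAD

def decrement_hop_limit():             # normal in-transit change
    h = bytearray(IPV6_HDR); h[7] -= 1
    return bytes(h), HBH_EXT, PAYLOAD

if __name__ == "__main__":
    for name, t in (("option", flip_option_byte), ("hop limit", decrement_hop_limit)):
        print(name, "AH:", detected(ah_covered, t),
              "ESP-NULL:", detected(esp_null_covered, t))
```

The option tamper is caught only by AH coverage, while the hop-limit decrement is caught by neither, which is by design since the field is mutable in transit.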


