
Reasons for AH & ESP



Hi,

Does anyone know, or is anyone able to explain, the reasons for AH & ESP?
As Niels Ferguson and Bruce Schneier wrote in 'Cryptographic Evaluation of
IPsec', I too find no reasons for two protocols in the RFCs.

The reasons I think of are:

1. Cryptography is not exportable
Well, it's more or less exportable now, and does the use of MD5 as an HMAC
count as cryptography? I think not. Wouldn't it be better to have an ESP
with compulsory AH authentication, and optional encryption?

2. It's more flexible
IMHO, the flexibility of IPsec is killing it; the configurations are
simply too numerous and complex for a layman (like me) to make head or
tail of, much less use properly.

3. Finer grain of control
As said, is it necessary? Will it make IPsec more secure against
cracking? Or spoofing? Or nothing?

I'm sorry if this has been dwelt on long ago, but I simply couldn't stand
the mess IPsec is in while I'm writing a paper about it, and I'd like
some comments on my views.

Regards,
Kokming Ang

ISRC
Queensland University of Technology
Brisbane, Australia


