
Re: Reasons for AH & ESP



At 11:39 AM 5/28/2000 +1000, you wrote:
>Hi,
>
>Does anyone know, or is able to explain the reasons for AH & ESP?
>As Niels Ferguson and Bruce Schneier wrote in 'Cryptographic Evaluation of
>IPsec', I, too, find no reasons for two protocols in the RFCs.
>
Currently, there is no reason to do AH.  It's a relic...

Tom

>The reasons I can think of are..
>
>1. Cryptography is not exportable
>Well, it's more or less exportable now, and does the use of MD5 as a HMAC
>count as cryptography? I think not. Wouldn't it be better to have an ESP
>with compulsory AH authentication, and optional encryption?
>
>2. It's more flexible
>IMHO, the flexibility of IPsec is killing it, the configurations are
>simply too numerous and complex for a layman (like me) to make head and
>tail, much less use it properly.
>
>3. Finer grain of control
>As said, is it necessary? Will it make IPsec more secure against
>cracking? or spoofing? or nothing?
>
>I'm sorry if this has been dwelt on long ago, but I simply couldn't stand
>the mess IPsec is in, while I'm writing a paper about it, and I'd like
>some comments on my views.
>
>Regards,
>Kokming Ang
>
>ISRC
>Queensland University of Technology
>Brisbane, Australia
> 
*****************************
Thomas Porter, Ph.D.

http://www.dtool.com
http://www.xnetsec.com
"There is magic in the web."
Shakespeare 
Othello, Act 3, Scene 4
**********************************  

