
Re: Reasons for AH & ESP



Bob,

>At 11:39 AM 5/28/2000 +1000, KokMing wrote:
>
>>Does anyone know, or is able to explain the reasons for AH & ESP?
>>As Neil Ferguson and Bruce Schneier wrote in 'Cryptographic Evaluation of
>>IPsec', I too, find no reasons for two protocols in the RFCs.
>
>Part of it is Historical:
>
>1)      Review RFCs 1825 - 1829.  Then ESP did not do packet 
>authentication.  For privacy and authentication, you needed both AH 
>+ ESP.

True, but when I started to rewrite the AH, ESP, and IPsec 
architecture documents, the fact that the old ESP supported only 
encryption was not an influence on the new ESP.

>
>2)      Early reworking of ESP, adding authentication (after the 
>Danvers IETF) did not have a mode with authentication and no 
>privacy.  This only came about when I convinced Rob Glenn to write 
>the NULL transform draft at the IPsec workshop in Raleigh NC 
>(Workshop #5).

I think you are trying to rewrite history here :-).  As the ESP 
document editor, I introduced the notion of ESP as completely 
modular.  This was debated on the list and later rejected by a group 
of developers at the St. Louis IETF, which I was unable to attend. 
So, I removed the text from the next draft of ESP.  However, a few 
months later, the developers started to receive requests from 
prospective clients who wanted an authentication-only ESP, and so ESP 
became modular again.  As you may recall, I am the co-author of 2410, 
with Rob.  That document was required only because the IKE developers 
did not want to change the payload definition for ESP, to allow 
either one or two algorithms.  Hence the need for null encryption and 
null authentication algorithm definitions.  But, since the IPsec 
architecture does not require IKE, this accommodation of IKE 
constraints was not essential to the modular definition of ESP.

>During standards development, it was of greater concern to get 
>things right than to argue what to prune.  There were some back 
>then, that valued AH over ESP NULL for export reasons, for example.

Still a valid concern for U.S. hardware vendors today, despite the 
earlier comment.  The relaxed export rules are most lenient towards 
mass market software.

>
>Then there is the IPv6 concern.  AH DOES offer header protection for 
>IPv6 that ESP cannot provide.

Correct.

Steve

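As an added illustration of the last point (not part of the original thread), the Python model below compares which bytes the AH and ESP integrity checks cover in IPv6 transport mode: AH authenticates the IPv6 header with its mutable fields zeroed, ESP authenticates only its own payload. The key, the addresses and the payload are constructed, and the AH/ESP headers themselves and the ICV-field zeroing are omitted for brevity.

```python
import hmac, hashlib, struct, ipaddress

KEY = b"demo-key-not-for-real-use"  # constructed demo key

def ipv6_header(src, dst, payload_len, next_hdr, hop_limit=64, flow_label=0x12345):
    """Build a 40-byte IPv6 header (version 6, traffic class 0)."""
    first_word = (6 << 28) | flow_label
    return (struct.pack("!IHBB", first_word, payload_len, next_hdr, hop_limit)
            + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed)

def ah_coverage(hdr, payload):
    """Bytes AH's ICV covers in transport mode (simplified): the IPv6 header
    with its mutable fields (traffic class, flow label, hop limit) zeroed,
    followed by the payload. Version, payload length, next header and the
    source address are immutable and are covered as sent."""
    version_only = struct.unpack("!I", hdr[:4])[0] & 0xF0000000
    pseudo = struct.pack("!I", version_only) + hdr[4:7] + b"\x00" + hdr[8:]
    return pseudo + payload

def esp_coverage(hdr, payload):
    """ESP's ICV covers the ESP header and payload; the outer IP header is
    never part of it, so `hdr` is deliberately ignored."""
    return payload

def icv(data):
    """Integrity check value: HMAC-SHA-256 over the covered bytes."""
    return hmac.new(KEY, data, hashlib.sha256).digest()

def tamper_detected(coverage_fn, hdr, payload, received_hdr):
    """True if the receiver's ICV over the received header differs from the
    sender's ICV, i.e. the header change is detected by that protocol."""
    sent = icv(coverage_fn(hdr, payload))
    recv = icv(coverage_fn(received_hdr, payload))
    return not hmac.compare_digest(sent, recv)

def demo():
    payload = b"constructed transport-mode payload"
    hdr = ipv6_header("2001:db8::1", "2001:db8::2", len(payload), 51)
    # Attacker rewrites an immutable field: the source address.
    spoofed = ipv6_header("2001:db8::bad", "2001:db8::2", len(payload), 51)
    # Router legitimately changes a mutable field: hop limit decremented.
    forwarded = ipv6_header("2001:db8::1", "2001:db8::2", len(payload), 51, hop_limit=63)
    return {
        "ah_detects_src_change": tamper_detected(ah_coverage, hdr, payload, spoofed),
        "esp_detects_src_change": tamper_detected(esp_coverage, hdr, payload, spoofed),
        "ah_accepts_hop_limit_decrement": not tamper_detected(ah_coverage, hdr, payload, forwarded),
    }

if __name__ == "__main__":
    print(demo())
```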