[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH? (was: Reasons for AH & ESP )

To: rgm-sec@htt-consult.com
Subject: Re: Death to AH? (was: Reasons for AH & ESP )
From: Paul Koning <pkoning@xedia.com>
Date: Fri, 2 Jun 2000 15:12:46 -0400 (EDT)
Cc: ipsec@lists.tislabs.com
References: <20000601130951.AD95E35DC2@smb.research.att.com><4.3.2.7.2.20000602141843.045af6b0@homebase.htt-consult.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Robert" == Robert Moskowitz <rgm-sec@htt-consult.com> writes:

 Robert> At 09:09 AM 6/1/2000 -0400, Steven M. Bellovin wrote:
 >> Some of us have argued against AH for years -- I still have a note
 >> I sent in 1995 detailing its uselessness.  But I see no consensus
 >> to re-open the question; I certainly don't intend to lead any
 >> charge to delete it from the spec as we move towards Draft
 >> Standard.  (Admittedly, I have considered such an effort, but I
 >> don't think enough people or views have changed to make it
 >> worthwhile, and I'd rather not stir up pointless controversy.)

 Robert> I might think the first step toward that is to poll this
 Robert> diverse group to see if anyone is deploying AH and could not
 Robert> use ESP NULL instead.

Ok, here's one data point.  The Lucent (formerly Xedia) Access Point
IPsec implementation uses ESP Null; it does not support AH.

(One reason is the extreme pain encounted when doing AH with IPcomp
using a hardware accelerator, btw.)

 Robert> I am all for a rough concensus that will change the IPsec/IKE
 Robert> standards to list AH as a Historical protocol that should not
 Robert> be implemented anymore.

I know this was attempted about 2 years ago at a Chicago IETF meeting
and failed there (on something vaguely resembling a tie vote).
Perhaps in the light of more widespread implementation experience we
can have a different outcome.

 Robert> I would also be interested in a lively debate by IPv6
 Robert> knowedgeable engineers that can couner Steve B's concerns on
 Robert> the real value of AH to v6.

I would too, because I share Steve B's doubts.  It would be good if
anyone who feels differently could specifically address the issues
Steve raised.

 Robert> However, I might point out that some vendors have had their
 Robert> ICSA certification delayed while they hustled to add the NULL
 Robert> encryption to their ESP implementation. 

Fortunately it is easy, except for the somewhat confusing pad rules...

 Robert> ....  Speaking on NULL, it
 Robert> is also sad on the number of vendors that implemented it with
 Robert> a key length of ZERO.  That is in IKE they explicitely
 Robert> specified the key length as ZERO.

Or rather, it is sad that IKE insists this is illegal.  The "be strict
on transmit, tolerant on receive" principle would say that for a
cipher with a fixed length key you could either omit the length or
include it, but if you include it, it has to be the single permitted
value.

	paul

References:

Re: Reasons for AH & ESP

From: "Steven M. Bellovin" <smb@research.att.com>

Death to AH? (was: Reasons for AH & ESP )

From: Robert Moskowitz <rgm-sec@htt-consult.com>

Prev by Date: Death to AH? (was: Reasons for AH & ESP )
Next by Date: RE: Death to AH? (was: Reasons for AH & ESP )
Prev by thread: Death to AH? (was: Reasons for AH & ESP )
Next by thread: RE: Death to AH? (was: Reasons for AH & ESP )
Index(es):
- Main
- Thread