Re: Deprecation of AH header from the IPSEC tool kit
Michael Richardson writes:
>
> >>>>> "Michael" == Michael Thomas <mat@cisco.com> writes:
> Michael> Maybe you're misunderstanding me: if ESP had a bit which said
> Michael> "I'm protecting the outside headers too", it could be either
> Michael> signaled or potentially even done on an as-needed basis by the
> Michael> IPsec stack for IP headers which would otherwise require AH. I'm
> Michael> all for not protecting things that don't need protection
> Michael> otherwise.
>
> The point that Steve Bellovin keeps making, and which he has written about,
> is that AH does not provide much more in the way of authentication that
> ESP does not (at least for IPv4). The outer headers are all either
> irrelevant, or can be derived from the SPD, so you don't have to trust them.

That's true of v4 IP headers. Is it also true of v6
routing headers? Is it also true of all of the rest
of the v6 headers? I appreciate Steve's arguments on
this, and I think they're valid -- for v4 IP headers.
What I don't agree with is that you can make a
blanket statement that you can never have a situation
where an outer header doesn't require some cryptographic
protection. This is definitional: you can't do a security
analysis on the undefined.

So, in order to deprecate AH (which I think has a
lot of merit), you'd have to do one of two things:

1) Put a stake in the ground saying that everything
   outside of the ESP header is fair game, and that
   if you must have protection you must put it inside
   (begging the question of per-hop headers which
   require the header be in the clear)

2) Hedge your bets by folding AH functionality into
   ESP (or something like ESP). This could be done
   by slavishly requiring AH functionality across
   the board, or it could be more clever and optimize
   only the cases where you have outer headers that
   need to be protected (and potentially which
   fields)

I'm not comfortable with #1 because it smacks of
being able to predict the future with too much
certainty. #2 is certainly not easy since it
would require a careful analysis of each
header to determine whether there is any
benefit to including it into the MAC
calculation. However, there would be a net
reduction in complexity and header size if we
nuked AH, so maybe it's worth it.

Mike
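
The difference in ICV coverage that this message argues about, as an added example that is not part of the original post: a simplified IPv4 model in which the AH-style ICV covers the outer header with the RFC 4302 mutable fields zeroed, and the ESP-style ICV covers only the ESP bytes. The key, addresses and function names are constructed for illustration, HMAC-SHA-256 truncated to 16 bytes stands in for the negotiated algorithm, and the AH header's own fields are left out of the ICV input.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real SA key


def ipv4_header(src, dst, ttl, proto, payload_len, tos=0):
    """20-byte IPv4 header, no options; checksum left at 0 for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                       ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def zero_mutable(hdr):
    """Zero the IPv4 fields RFC 4302 treats as mutable in transit."""
    h = bytearray(hdr)
    h[1] = 0              # DSCP/ECN (TOS)
    h[6:8] = b"\x00\x00"    # flags + fragment offset
    h[8] = 0              # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return bytes(h)


def ah_style_icv(outer_hdr, body):
    # Covers immutable outer-header fields plus the protected data.
    mac = hmac.new(KEY, zero_mutable(outer_hdr) + body, hashlib.sha256)
    return mac.digest()[:16]


def esp_style_icv(outer_hdr, body):
    # Outer header is deliberately ignored: ESP's ICV starts at the ESP header.
    return hmac.new(KEY, body, hashlib.sha256).digest()[:16]


def detects(icv_fn, sent_hdr, recv_hdr, body):
    """True if the receiver's recomputed ICV differs from the sender's."""
    return not hmac.compare_digest(icv_fn(sent_hdr, body), icv_fn(recv_hdr, body))


def demo():
    body = b"SPI+seq+ciphertext (constructed)"
    sent = ipv4_header("192.0.2.1", "198.51.100.7", 64, 50, len(body))
    hop = ipv4_header("192.0.2.1", "198.51.100.7", 60, 50, len(body))
    new_src = ipv4_header("203.0.113.9", "198.51.100.7", 64, 50, len(body))
    return {
        "ah_ttl_change": detects(ah_style_icv, sent, hop, body),
        "ah_src_change": detects(ah_style_icv, sent, new_src, body),
        "esp_src_change": detects(esp_style_icv, sent, new_src, body),
    }
```

In this model the ESP-style check says nothing about the source address, so a receiver has to validate it against the SPD selectors for the SA, which is the IPv4 argument quoted above.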