[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Death to AH (was Re: SA identification)
At 9:24 AM -0500 3/23/01, Henry Spencer wrote:
>On Fri, 23 Mar 2001, FUKUMOTO Atsushi wrote:
>> > (Note, for example, IESG's recently-expressed doubts about
>> > whether the authentication requirements of Binding Updates can really be
>> > met using AH.)
>>
>> I have read it as a doubt to the use of IPSec in general, rather than
>> AH alone... Was I wrong?
>
>You are correct, but you've missed the implication: this is an alleged
>"requirement for AH" which, on closer examination, cannot actually be
>satisfied by AH (or ESP). So it's not a requirement for AH at all, and
>cannot be used to justify keeping AH.
>
> Henry Spencer
> henry@spsystems.net
I am not a big fan of keeping AH, but Herny's comments are strong
enough to warrant a reply.
There were several arguments made for AH initially. Some have gone
away, e.g., the need for an authentication only mode of operation
that would allow export when and encrypt and authenticate mode would
have been export limited. The introduction of authentication-only
ESP, which I championed, made this argument less germane, as has the
easing of export controls on encryption products.
Another requirement was more narrowly focused on protecting IP header
elements for validation by intermediate routers. IP security labels
used to control routing were a cited example. However, this
application is hard to realize unless the AH integrity function is a
signature, which is relatively slow to generate and big and thus not
all that attractive for now.
I have a vague understanding of IPv6 mobility use AH, but not good
enough to be able to defend it, or to say why it seems infeasible.
Steve
References: