[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Death to AH (was Re: SA identification)
Pekka Nikander wrote:
>
> ... I know, most of this has been discussed to death before,
> but for me the exact reason for killing AH seems unclear.
One set of reasons are given in the Schneier and Ferguson analysis at:
http://www.counterpane.com/ipsec.pdf
I'd say several of their recommendations were absolute no-brainers:
1) eliminate transport mode
2) eliminate AH
3) make authentication mandatory for ESP
5) remove the weak key checks; just don't use algorithms where weak keys are a risk
In my view, we should just do all of these.
As for their other recommendations:
4) modify ESP to ensure it authenticates all data used in deciphering
6) modify KEYMAT derivation
7) modify hashing
8) modify phase 2 KEYMAT derivation
These all look all look correct to me as well, but the issues are more complex and
I think we'd need fairly extensive discussion before implementing them.
Follow-Ups:
References: