
Re: Death to AH (was Re: SA identification)



Pekka Nikander wrote:
> 
> ... I know, most of this has been discussed to death before,
> but for me the exact reason for killing AH seems unclear. 

One set of reasons is given in the Schneier and Ferguson analysis at:
http://www.counterpane.com/ipsec.pdf

I'd say several of their recommendations were absolute no-brainers:

1) eliminate transport mode
2) eliminate AH
3) make authentication mandatory for ESP
5) remove the weak key checks; just don't use algorithms where weak keys are a risk

In my view, we should just do all of these.

As for their other recommendations:

4) modify ESP to ensure it authenticates all data used in deciphering
6) modify KEYMAT derivation
7) modify hashing
8) modify phase 2 KEYMAT derivation

These all look correct to me as well, but the issues are more complex and
I think we'd need fairly extensive discussion before implementing them.

