
RE: Death to AH (was Re: SA identification)




> And Steve's memory is the same as mine. It was an end-system vendor, Peter
> Ford "from the Microsoft Corporation", who argued quite strongly for the
> removal of AH.



In deference to IETF tradition I should complain and state that I am not
from an end-system vendor; I work for a Host vendor, although I suspect
Microsoft has as many hosts operating as intermediate systems and NATs
as most vendors!

The issues I brought up against AH were based on several issues:

AH is/was fully redundant, and therefore did nothing but bloat the size
of an "IPSEC compliant" piece of software and hardware.  There were
Silicon vendors who told us that the combination of AH and other
enveloping (ESP-NULL, tunneling, etc.)  would blow the computational and
datapipe budgets they had in their designs.  One large silicon vendor
asked us to consider not supporting AH in combination with other IPSEC
and tunneling configurations.   Lastly, AH would confuse the "best
common practice" of deploying IPSEC - do you use AH or ESP with NULL
crypto or ....   Extending ESP was a superior way to address the
requirements presented in the course of IPSEC development.

The arguments for AH:

I) the document was already written and we are in a hurry because IPSEC
cannot happen until docs went to PS
II) there are existing/working implementations
III) and my favorite - and I paraphrase - this AH issue was already
discussed, and most experts agree that AH was something akin to
unnecessary/botch/etc., but since the pesky critter was still in the doc
we needed to move on. It could be fixed at DS or later.
IV) AH was the way to say "no data encryption in this packet" to comply
with crypto wary governments.

Jeff Schiller asked me if we/they left AH in the arch doc would
Microsoft build versions of IPSEC without AH?  To which I noted that
this was not a proper question for a standards meeting and that for PC
and Server implementations this was less of an issue, but for small
devices (which MS also builds for) it could become a large issue.

If AH can be left for historical, so much the better.

cheers, peter
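What "AH is fully redundant" with ESP-NULL does and does not mean, as an added example that is not part of the message above and is not Microsoft's or any vendor's code: the script below builds the same 40-byte payload once behind an AH header and once behind ESP with NULL encryption, both in IPv4 transport mode with HMAC-SHA1-96, and then replays a router hop (TTL decrement) and a NAT (source address rewrite) against each. The header layouts follow RFC 2402 (AH), RFC 2406 (ESP) and RFC 2404 (HMAC-SHA1-96); the key, SPI, addresses and payload are made-up values for the demonstration. It shows that both variants cost the same 24 bytes here and carry the same ICV, and that the only thing AH adds is coverage of the immutable outer IP header fields, which is also precisely what breaks it behind the NATs the message mentions.

```python
"""AH vs ESP-NULL, IPv4 transport mode, HMAC-SHA1-96.  Constructed example:
layouts per RFC 2402/2406/2404; key, SPI, addresses and payload are made up."""
import hashlib
import hmac
import ipaddress
import struct

PROTO_TCP, PROTO_ESP, PROTO_AH = 6, 50, 51
ICV_LEN = 12                                  # HMAC-SHA1-96: 20-byte MAC truncated to 96 bits
KEY = b"constructed-demo-integrity-key"       # assumption: the SA's shared integrity key
SPI, SEQ = 0x1000, 1                          # assumption: SPI and sequence number


def fix_checksum(hdr):
    """Recompute the one's-complement header checksum of a 20-byte IPv4 header."""
    h = bytearray(hdr)
    h[10:12] = b"\x00\x00"
    total = sum(struct.unpack("!10H", bytes(h)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    h[10:12] = struct.pack("!H", (~total) & 0xFFFF)
    return bytes(h)


def ipv4_header(src, dst, proto, total_len, ttl=64):
    """Minimal IPv4 header: no options, DF set, fixed identification (demo values)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return fix_checksum(hdr)


def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_immutable_view(ip_hdr):
    """AH authenticates the IP header with its mutable fields zeroed (RFC 2402):
    TOS, flags/fragment offset, TTL and header checksum.  Addresses stay in."""
    h = bytearray(ip_hdr)
    h[1] = 0                     # TOS
    h[6:8] = b"\x00\x00"         # flags + fragment offset
    h[8] = 0                     # TTL
    h[10:12] = b"\x00\x00"       # header checksum
    return bytes(h)


def build_ah_transport(src, dst, payload, next_hdr=PROTO_TCP):
    """IPv4 | AH(next hdr, payload len, reserved, SPI, seq, ICV) | payload."""
    ah_len = 12 + ICV_LEN                                     # 24 bytes
    ip_hdr = ipv4_header(src, dst, PROTO_AH, 20 + ah_len + len(payload))
    # Payload Len is the AH length in 32-bit words minus 2: (24 / 4) - 2 = 4
    ah_fixed = struct.pack("!BBHII", next_hdr, ah_len // 4 - 2, 0, SPI, SEQ)
    covered = ah_immutable_view(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return ip_hdr + ah_fixed + icv(covered) + payload


def ah_verify(packet):
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    got, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    want = icv(ah_immutable_view(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(got, want)


def build_esp_null_transport(src, dst, payload, next_hdr=PROTO_TCP):
    """IPv4 | ESP(SPI, seq) | payload | pad | pad len | next hdr | ICV, NULL cipher."""
    pad_len = (-(len(payload) + 2)) % 4            # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))         # RFC 2406 default padding 1, 2, 3, ...
    body = struct.pack("!II", SPI, SEQ) + payload + padding + bytes([pad_len, next_hdr])
    esp = body + icv(body)                         # ICV covers nothing of the IP header
    return ipv4_header(src, dst, PROTO_ESP, 20 + len(esp)) + esp


def esp_verify(packet):
    esp = packet[20:]
    return hmac.compare_digest(esp[-ICV_LEN:], icv(esp[:-ICV_LEN]))


def decrement_ttl(packet):
    """A router hop: TTL - 1 plus a fresh checksum, both AH-mutable fields."""
    h = bytearray(packet[:20])
    h[8] -= 1
    return fix_checksum(h) + packet[20:]


def nat_rewrite_src(packet, new_src):
    """A NAT rewriting the source address, which AH covers and ESP does not."""
    h = bytearray(packet[:20])
    h[12:16] = ipaddress.IPv4Address(new_src).packed
    return fix_checksum(h) + packet[20:]


def compare(payload=b"A" * 40, src="10.0.0.2", dst="192.0.2.10", nat="203.0.113.7"):
    """Per-packet overhead and what survives a hop and a NAT, for AH and ESP-NULL."""
    ah = build_ah_transport(src, dst, payload)
    esp = build_esp_null_transport(src, dst, payload)
    return {
        "ah_overhead": len(ah) - 20 - len(payload),
        "esp_null_overhead": len(esp) - 20 - len(payload),
        "ah_ok": ah_verify(ah),
        "ah_after_hop": ah_verify(decrement_ttl(ah)),
        "ah_after_nat": ah_verify(nat_rewrite_src(ah, nat)),
        "esp_ok": esp_verify(esp),
        "esp_after_hop": esp_verify(decrement_ttl(esp)),
        "esp_after_nat": esp_verify(nat_rewrite_src(esp, nat)),
    }
```

Running `compare()` gives 24 bytes of overhead for both encapsulations on a 40-byte payload (ESP-NULL varies with padding, AH is fixed at 24), AH surviving the TTL decrement but failing after the address rewrite, and ESP-NULL surviving both. The ICV computation is the same HMAC in both cases; the silicon cost the message describes comes from running it twice when AH is stacked on ESP or a tunnel, not from AH being a different algorithm.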

