[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)

To: "Steven M. Bellovin" <smb@research.att.com>, Derek Atkins <warlord@mit.edu>
Subject: Re: Death to AH (was Re: SA identification)
From: Scott Fluhrer <sfluhrer@cisco.com>
Date: Fri, 13 Apr 2001 09:18:29 -0700
Cc: "John Lowry" <jlowry@bbn.com>, "Kopeikin, Roy A (Roy)" <rkopeikin@lucent.com>, "Stephen Kent" <kent@bbn.com>, "Peter Ford" <peterf@Exchange.Microsoft.com>, ipsec@lists.tislabs.com
In-Reply-To: <20010413145255.DF2094D97@challenger.research.att.com>
Sender: owner-ipsec@lists.tislabs.com

At 07:52 AM 4/13/01 , Steven M. Bellovin wrote:
>In message <sjmy9t4khhm.fsf@rcn.ihtfp.org>, Derek Atkins writes:
>>So does ESP with Authentication and NULL-encryption.
>
>Yes, but it's not context-free -- unless you know a priori that null 
>encryption is being used, you can't monitor it.
>
>This is the one point I'll concede to the AH proponents...

Actually, I wouldn't concede quite so quickly.  AH is not context-free
either -- unless you know a priori that the packet AH is protecting is
not itself encrypted (e.g. ESP is not being used along with AH), you
can't monitor it either.

>
>>
>>-derek
>>
>>"John Lowry" <jlowry@bbn.com> writes:
>>
>>> AH is likely to be attractive to network operators
>>> who are running intrusion detection systems and virus
>>> checkers at sub-domain (and less frequently at domain) boundaries.
>>> It provides authentication while preserving the ability to
>>> watch the traffic.
>>> 
>>> A minor point but ...
>>> 
>>> John 
>>> 
>>> -----Original Message-----
>>> From: owner-ipsec@lists.tislabs.com
>>> [mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Kopeikin, Roy A (Roy)
>>> Sent: Thursday, April 12, 2001 10:10 AM
>>> To: Stephen Kent; Peter Ford
>>> Cc: ipsec@lists.tislabs.com
>>> Subject: RE: Death to AH (was Re: SA identification)
>>> 
>>> 
>>> Concerning use/need for AH:
>>> 
>>> Do companies like iPASS use it? Their service allows you to login to their
>>> POP from anywhere in the world. They encrypt and then authenticate this
>>> access attempt (not sure they use IPSec AH today). Once this access is
>>> authorized, they encrypt nothing, hence having no use for ESP.
>>> 
>>> However the corporation subscribing to this service has no use for AH, butr
>>> could be interested in using ESP. iPASS advertised it was compatible with
>>> many VPN solutions, including IPSec ones. 
>>> 
>>> So could a company liek iPASS use ESP instead of AH for their service? What
>>> about other VPN-access-vendors? What do they want?
>>> 
>>> -----Original Message-----
>>> From: Stephen Kent [mailto:kent@bbn.com]
>>> Sent: Wednesday, April 11, 2001 1:02 PM
>>> To: Peter Ford
>>> Cc: ipsec@lists.tislabs.com
>>> Subject: RE: Death to AH (was Re: SA identification)
>>> 
>>> 
>>> Peter,
>>> 
>>> ><snip>
>>> >
>>> >The issues I brought up against AH were based on several issues:
>>> >
>>> >AH is/was fully redundant, and therefore did nothing but bloat the size
>>> >of an "IPSEC compliant" piece of software and hardware.  There were
>>> >Silicon vendors who told us that the combination of AH and other
>>> >enveloping (ESP-NULL, tunneling, etc.)  would blow the computational and
>>> >datapipe budgets they had in their designs.  One large silicon vendor
>>> >asked us to consider not supporting AH in combination with other IPSEC
>>> >and tunneling configurations.   Lastly, AH would confuse the "best
>>> >common practice" of deploying IPSEC - do you use AH or ESP with NULL
>>> >crypto or ....   Extending ESP was a superior way to address the
>>> >requirements presented in the course of IPSEC development.
>>> 
>>> AH is not fully redundant. It is fair to say that one can achieve 
>>> ALMOST ALL the features of AH through the use of tunnel mode ESP, 
>>> sans encryption, but the two are not exactly equivalent. Presumably 
>>> the argument we've having now is determining whether the situations 
>>> where AH offers unique services warrant keeping it as part of the 
>>> IPsec suite, in a mandatory capacity.
>>> 
>>> Your reference to the difficulty chip vendors envisioned in 
>>> supporting AH seemed to be a major motivation for the argument you 
>>> put forth, and that's an understandable concern. However, the IETF, 
>>> for better or worse, has usually not deferred to hardware vendor 
>>> concerns about implementation issues, relying on Moore's law to 
>>> address these issues over time. Instead, we often focus on software 
>>> implementation issues.
>>> 
>>> I don't understand the reference to "best common practice .." above.
>>> 
>>> Extending ESP was never seriously considered. No I-Ds on the topic 
>>> were ever published. There was considerable sentiment that making one 
>>> protocol (ESP) more complex as a means to avoid the need to implement 
>>> another protocol (AH) was not going to result in an overall simpler 
>>> system. I think this sentiment is accurate and persists today.
>>> 
>>> >
>>> >The arguments for AH:
>>> >
>>> >I) the document was already written and we are in a hurry because IPSEC
>>> >can not happen until docs went to PS
>>> 
>>> I believe the IETF meeting I referred to took place well before we 
>>> submitted 2401 as an RFC, so this argument seems a bit out of sync.
>>> 
>>> >II)there are existing/working implementations
>>> 
>>> true
>>> 
>>> >III) and my favorite - and I paraphrase - this AH issue was already
>>> >discussed, and most experts agree that AH was something akin to
>>> >unnecessary/botch/etc., but since the pesky critter was still in the doc
>>> >we needed to move on.  It could be fixed at DS or later.
>>> 
>>> I don't recall that.
>>> 
>>> >IV) AH was the way to say "no data encryption in this packet" to comply
>>> >with crypto wary governments.
>>> 
>>> Still true, but given the IAB position on crypto, not a good rationale.
>>> 
>>> >
>>> >Jeff Schiller asked me if we/they left AH in the arch doc would
>>> >Microsoft build versions of IPSEC without AH?  To which I noted that
>>> >this was not a proper question for a standards meeting and that for PC
>>> >and Server implementations this was less of an issue, but for small
>>> >devices (which MS also builds for) it could become a large issue.
>>> 
>>> Unfortunately, my cursory examination of the MS implementation of 
>>> IPsec for PCs and servers last May revealed that it is not compliant 
>>> with 2401 anyway, e.g., it fails to provide a means for a user or 
>>> administrator to order the SPD entries, a very explicit requirement. 
>>> the lack of this facility makes it hard, if not impossible, for one 
>>> to determine how the implementation will process traffic.
>>> 
>>> Steve
>>
>>-- 
>>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>>       Member, MIT Student Information Processing Board  (SIPB)
>>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>>       warlord@MIT.EDU                        PGP key available
>>
>
>
>		--Steve Bellovin, http://www.research.att.com/~smb
>

References:

Re: Death to AH (was Re: SA identification)

From: "Steven M. Bellovin" <smb@research.att.com>

Prev by Date: Re: Death to AH (was Re: SA identification)
Next by Date: Re: Death to AH (was Re: SA identification)
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Death to AH (was Re: SA identification)
Index(es):
- Main
- Thread