
Re: Require AH?



> An alternative would be to require AH on all IPsec connections, giving:
> 
> 	use none, just do normal IP
> 	one way to do authentication alone, AH
> 	one way to do encryption + authentication, AH + ESP
> 
> This gets rid of that nasty fourth alternative, keeps AH for those that
> need it, and lets us drop ESP-null.

I believe this scenario was the original intent of RFCs 1825-1827.  I would
have no objections to reviving this way of doing things.

> If AH is actually needed, which some people have claimed in previous
> discussions, then the last strikes me as the best choice. 
> 
> Of course, this was likely discussed back before authentication was
> added to ESP. Why was it rejected then?

Some HW folks didn't think you could do AH in hardware.  I've heard other HW
folks (but only after the fact) say that you can indeed do AH in hardware.

ESP authentication was a knee-jerk reaction to Bellovin's analysis of
1825-1827.  He stated the threats of unauthenticated CBC encryption + replay
problems.  The knee-jerk reaction was to add both of these properties to ESP,
without first thinking that requiring a fixed AH with replay protection could
do the trick.

(Personally I thought that AH in hardware was not difficult, especially with
assist from the SW IPsec processing in the form of "exception vectors" that
tagged which bytes were to be treated as zero.)

Dan
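As an added illustration of the two points Dan makes above (a fixed AH with replay protection, and an "exception vector" of header bytes treated as zero), not code from the original thread: a minimal IPv4 AH integrity check with HMAC-SHA1-96 in the style of RFC 2402/2404, plus a sliding anti-replay window. The key, addresses, SPI and payload are constructed for the demo.

```python
import hmac, hashlib, struct, ipaddress

ICV_LEN = 12             # HMAC-SHA1-96: MAC truncated to 96 bits (RFC 2404)
KEY = bytes(range(20))   # constructed demo key, not a real one

def ipv4_header(src, dst, ttl, total_len, tos=0, flags_frag=0x4000):
    """20-byte IPv4 header, protocol 51 (AH); checksum left 0 (mutable, not covered)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1234, flags_frag, ttl, 51, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def zero_mutable(ip_hdr):
    """'Exception vector' from the mail: TOS, flags/frag offset, TTL and checksum count as zero."""
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"   # bytes routers may rewrite
    return bytes(h)

def ah_header(next_hdr, spi, seq):   # RFC 2402 fixed part; the ICV follows it
    return struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)  # len in words - 2

def compute_icv(ip_hdr, ah_fixed, payload, key=KEY):
    covered = zero_mutable(ip_hdr) + ah_fixed + b"\0" * ICV_LEN + payload  # ICV field zeroed
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]

def build_ah_packet(src, dst, ttl, spi, seq, payload, next_hdr=17):
    ip = ipv4_header(src, dst, ttl, 20 + 12 + ICV_LEN + len(payload))
    ah = ah_header(next_hdr, spi, seq)
    return ip + ah + compute_icv(ip, ah, payload) + payload

def verify_ah_packet(pkt, key=KEY):
    """Receiver: recompute the ICV over the immutable bytes and compare in constant time."""
    ip, ah, mac, payload = pkt[:20], pkt[20:32], pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    return hmac.compare_digest(compute_icv(ip, ah, payload, key), mac)

def forward(pkt):   # simulate one router hop: TTL decremented, which must not break the ICV
    h = bytearray(pkt); h[8] -= 1; return bytes(h)

class ReplayWindow:
    """Sliding-window anti-replay check in the style of RFC 2402 section 3.4.3."""
    def __init__(self, size=64):
        self.size, self.top, self.bits = size, 0, 0
    def accept(self, seq):
        if seq == 0 or seq + self.size <= self.top: return False   # seq 0 unused; too far behind
        if seq > self.top:                                          # slide window forward
            self.bits = ((self.bits << (seq - self.top)) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        bit = 1 << (self.top - seq)
        if self.bits & bit: return False                            # duplicate: replay
        self.bits |= bit; return True
```

A packet whose TTL was decremented in transit still verifies, while any change to the payload, the AH sequence number or the key fails the ICV check, and a repeated sequence number is rejected by the window.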

