
RE: Simplifying IKE



At 7:59 AM +0100 8/8/01, Chris Trobridge wrote:
>I have to admit I started in the "keep tunnelling - lose transport" camp, but
>with more experience I would definitely prefer transport mode + IP-in-IP.
>This makes gateways and end-to-end cases identical.  It also separates
>routing issues associated with tunnelling from IPSEC.

Remember that a major difference between tunnel and transport modes 
is what headers are examined for access control purposes. If one 
changes to IP-in-IP tunneling above IPsec, it would be important to 
retain this security facility, which means we still need to know 
where to look in the stack, ...

>I'd also like to see all IPSEC traffic between two hosts carried by just one
>SA.  I can't see any value in using multiple SAs between two hosts.  IPSEC
>should be just providing a secure pipe between two hosts - what goes through
>it is better regulated by a firewall.  There is an argument that you might
>want to use different strengths of crypto for performance reasons but there
>is generally a focus on performing one type of encryption really well rather
>than supporting multiple types.

IPsec is not designed to be just an encryption protocol. It provides 
access control comparable to that of a static, packet filtering 
firewall, but with per-SA authentication that a firewall, if placed 
behind an IPsec device, cannot provide.

>
>I'm less keen on AH and would lose it if at all possible.  Authenticated ESP
>provides authentication, integrity and anti-replay of the IP payload - what
>do you care if the IP header has been tampered with?  (what is missing from
>ESP auth - just the destination IP address?).  Per-hop use of SAs currently
>appears limited as keys are typically only shared by the end-points.
>
>I would like to see things like null encryption and specific algorithms not
>being MUST (or even plaintext bypass).  My main reason for this is that you
>can reject these by policy anyway but that exclusion from build is required
>for products that go through tough security evaluations.

Null encryption and null authentication are artifices, because IKE 
had allocated two slots for algorithms for ESP, before we allowed 
modular security service use. One could do away with these 
conventions in a reengineered IKE.

Steve
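The point Steve makes about which header gets examined, and about the per-SA
access control that a firewall behind the IPsec box cannot reproduce, as an
added example that is not part of this thread or of any IPsec implementation:
a small Python model of the inbound selector check. Everything in it is
constructed for illustration: the gateway and host addresses, the SPIs, and
the names `inbound_check`, `Selector`, `ipip_selector` and `look_into_ipip`
(the last two model a hypothetical extra policy for IP-in-IP carried over a
transport-mode SA). Authentication is assumed to have already succeeded; the
code shows only what the access-control step can and cannot see.

```python
"""Toy model of the inbound IPsec access-control check that distinguishes
tunnel from transport mode (constructed illustration, not any stack's code)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IPIP, ESP = 4, 50          # IP protocol numbers for IP-in-IP and ESP


@dataclass(frozen=True)
class IPHeader:
    src: str
    dst: str
    proto: int             # protocol of the payload this header carries


@dataclass(frozen=True)
class Selector:
    """SPD selector an SA is bound to: who may talk to whom over this SA."""
    src_net: str
    dst_net: str
    proto: Optional[int] = None

    def matches(self, h: IPHeader) -> bool:
        return (ipaddress.ip_address(h.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(h.dst) in ipaddress.ip_network(self.dst_net)
                and (self.proto is None or self.proto == h.proto))


@dataclass(frozen=True)
class SA:
    spi: int
    mode: str                                 # "tunnel" or "transport"
    selector: Selector                        # checked at the layer IPsec itself sees
    ipip_selector: Optional[Selector] = None  # hypothetical policy for an IP-in-IP payload


@dataclass(frozen=True)
class Packet:
    outer: IPHeader                   # header that arrived on the wire
    spi: int                          # SPI from ESP/AH; assumed already authenticated
    inner: Optional[IPHeader] = None  # decapsulated header, if the payload is an IP packet


def inbound_check(sad: Dict[int, SA], pkt: Packet,
                  look_into_ipip: bool = False) -> Tuple[bool, str]:
    sa = sad.get(pkt.spi)
    if sa is None:
        return False, "unknown SPI: drop"
    # The SA's key is shared with exactly one peer, so a packet that verified
    # under it is bound to that peer: the selector check below is per-SA
    # authenticated access control, which a firewall placed behind the IPsec
    # device only ever sees as plaintext from "somewhere".
    if sa.mode == "tunnel":
        if pkt.inner is None:
            return False, "tunnel SA but nothing to decapsulate: drop"
        subject = pkt.inner            # selectors apply to the decapsulated packet
    else:
        subject = pkt.outer            # transport mode: the packet's own header
    if not sa.selector.matches(subject):
        return False, f"{subject.src}->{subject.dst} not allowed on SPI {sa.spi:#x}: drop"
    # Transport-mode SA carrying IP-in-IP: the check above only saw "proto 4
    # between the two gateways". The inner addresses are enforced only if the
    # implementation is told to look one layer further down the stack.
    if sa.mode == "transport" and subject.proto == IPIP:
        if not look_into_ipip:
            return True, "accepted (inner IP-in-IP header never examined)"
        if (pkt.inner is None or sa.ipip_selector is None
                or not sa.ipip_selector.matches(pkt.inner)):
            return False, "inner IP-in-IP header fails policy: drop"
    return True, "accepted"


# Constructed sample data: two gateways, one allowed site-to-site selector.
GW_A, GW_B = "198.51.100.1", "203.0.113.1"
SITE = Selector("10.1.0.0/16", "10.2.0.0/16")   # hosts behind A may reach hosts behind B
SAD = {
    0x100: SA(0x100, "tunnel", SITE),
    0x200: SA(0x200, "transport", Selector(f"{GW_A}/32", f"{GW_B}/32", IPIP),
              ipip_selector=SITE),
}
GOOD_INNER = IPHeader("10.1.0.5", "10.2.0.7", 6)
ROGUE_INNER = IPHeader("192.0.2.9", "10.2.0.7", 6)  # source outside the allowed range


def demo():
    """Same rogue inner packet, three ways of carrying it."""
    tunnel_ok = inbound_check(SAD, Packet(IPHeader(GW_A, GW_B, ESP), 0x100, GOOD_INNER))
    tunnel_rogue = inbound_check(SAD, Packet(IPHeader(GW_A, GW_B, ESP), 0x100, ROGUE_INNER))
    ipip_blind = inbound_check(SAD, Packet(IPHeader(GW_A, GW_B, IPIP), 0x200, ROGUE_INNER))
    ipip_aware = inbound_check(SAD, Packet(IPHeader(GW_A, GW_B, IPIP), 0x200, ROGUE_INNER),
                               look_into_ipip=True)
    return tunnel_ok, tunnel_rogue, ipip_blind, ipip_aware


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The tunnel-mode SA rejects the rogue inner source because its selectors are
applied to the decapsulated header. The same rogue packet sent as IP-in-IP over
a transport-mode SA between the gateways passes the IPsec check, since that
check only ever sees "gateway A to gateway B, protocol 4"; the inner addresses
are caught only when the stack knows to look one layer further down.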

