[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Require AH?

To: Stephen Kent <kent@bbn.com>
Subject: Re: Require AH?
From: Michael Thomas <mat@cisco.com>
Date: Thu, 16 Aug 2001 09:17:11 -0700 (PDT)
Cc: Michael Thomas <mat@cisco.com>, ipsec@lists.tislabs.com
In-Reply-To: <p0501040bb7a0aa66c22e@[128.33.238.53]>
References: <3B79500C.1367FCD3@storm.ca><200108141718.f7EHISo02668@kebe.east.sun.com><15226.35517.701351.186328@thomasm-u1.cisco.com><p0501040bb7a0aa66c22e@[128.33.238.53]>
Sender: owner-ipsec@lists.tislabs.com

Stephen Kent writes:
 > At 7:44 AM -0700 8/15/01, Michael Thomas wrote:
 > >    Actually, what would make me most happy would be to
 > >    have a single IPsec extension header which does
 > >    *everything*. This helps on the code/message
 > >    compactness front, as well as simplifying the
 > >    number of SADB entries, different protocols
 > >    handling, header traversal, etc. It seems to me
 > >    that if we had modes like gzip-aes-cbc-sha1 for
 > >    ESP transforms, we could get rid of both AH and
 > >    IPCOMP.
 > >
 > >		Mike
 > 
 > This has been suggested before, and rejected. In large part AH is 
 > ugly because it tries to cover the IP header, but there are so many 
 > fields that cannot be covered. this makes processing slower than ESP 
 > auth only. tunnel mode of auth only ESP addresses essentially all of 
 > the IPv4 motivations for having AH. The only open question is what 
 > IPv6 requirements are met by AH and not by this mode.
 > 
 > So, if we don't find a really good reason to retain AH, there is no 
 > good reason to create a new, different protocol to accommodate this 
 > combination of features. Also, this sort of new protocol would be 
 > more complex than either AH or ESP alone, which raises questions 
 > about whether we have achieved anything.  One can argue that two 
 > protocols, each of which is relatively simple, are better than one 
 > protocol that is more complex.

   There's quite a bit of complexity added by the
   addition and processing of multiple headers, both
   on the keying front and the kernel tasks. Interaction
   between the modes/headers requires a lot of explanation in
   2401, for example, and is frankly pretty confusing.
   To my simple mind a single header and a single 
   transform of, say, compress-encrypt-hash would be
   a lot more straighforward both on the understanding
   and coding parts. As is right now, there are many
   different ways to do the same thing, and it's possible
   to get into non-sensical combinations such as compression
   after encryption (even if the spec proscribes it). 
   Clearly, you could do such a bone headed thing with
   a single spec, but right now you have to look and 
   understand many RFC's to grasp that proscription. 
   I doubt this is the only example. Also the degrees
   of freedom afforded by multiple headers introduce
   their own level of interoperability problems. An
   implementation may very well, for example, have a
   nice modular way of plugging in new crypto algorithms,
   where it would be relatively simple to add a new
   transform which, say, does aes/lzw. Adding IPCOMP,
   however, has to be integrated into all of the 
   places that ESP was integrated. In my mind, that's
   a false modularity since it leads to duplicated
   processing (and the resultant possibility for
   mistakes) with no substantive differention of
   the code other than that of the gratuitous
   design-by-committee kind.

       Mike

Follow-Ups:

Re: Require AH?

From: Stephen Kent <kent@bbn.com>

References:

Require AH?

From: Sandy Harris <sandy@storm.ca>

Re: Require AH?

From: Dan McDonald <danmcd@East.Sun.COM>

Re: Require AH?

From: Michael Thomas <mat@cisco.com>

Re: Require AH?

From: Stephen Kent <kent@bbn.com>

Prev by Date: RE: [Design] Re: Wes Hardaker: opportunistic encryption deploymen t problems
Next by Date: RE: Simplifying IKE
Prev by thread: Re: Require AH?
Next by thread: Re: Require AH?
Index(es):
- Main
- Thread