[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SENDWG experiences

To: Stephen Kent <kent@bbn.com>
Subject: Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SENDWG experiences
From: Tero Kivinen <kivinen@ssh.fi>
Date: Wed, 18 Jun 2003 09:28:25 +0300
Cc: Pekka Nikander <pekka.nikander@nomadiclab.com>, Barbara Fraser <byfraser@cisco.com>, ipsec@lists.tislabs.com, tytso@mit.edu, James Kempf <kempf@docomolabs-usa.com>, SEND WG <ietf-send@standards.ericsson.net>
In-Reply-To: <p0521060abb1582a7f219@[12.159.173.182]>
Organization: SSH Communications Security Oy
References: <4.3.2.7.2.20030526181608.04a3df00@mira-sjc5-4.cisco.com><3EEC2C43.9060302@nomadiclab.com><p0521060abb1582a7f219@[12.159.173.182]>
Sender: owner-ipsec@lists.tislabs.com

Stephen Kent writes:
> syntax from 2402. Suggesting that we change AH to accommodate SEND's 
> possible use of it, in a fashion not consistent with the current 
> specs, is asking quite a lot.

The SEND is a user of the AH. Are there any other real users for the
AH? In earlier days there was people saying that we should remove the
whole AH as nobody uses. Now there seems to be SEND that is using it,
but they want to do something differently. Do we want to say to our
(only?) user that no we do not allow you to do anything differently?

Do we want them to create another protocol replacing their use of AH?
Another people who have been saying that they want to use AH is Mobile
IP people. What do they want? Is the current spec fine with them or do
the want similar processing than SEND?

Actually they quite often want to do demultiplexing based on the
fields inside the mobility or routing header not the outer IP address.
I.e they might need different demultiplexing algorithm too.

So the real questions are:

Is there any use for the AH as it is now specified?

What are application(s) / protocol(s) which will use it?

If we cannot answer to those questions I think we should drop the
current AH from the IPsec WG and say that SEND/Mobile IP etc can
specify it so that it will be suitable for them :-)

I do not want any generic text saying "someone might want to use it if
the phase of the moon is full and ..., and,... and ... export control
... and ... goverment ... and ...".

I do want current real word example (where the current AH as specified
in the current document) is actually used or is planned to be used. I
do NOT see any use for the AH on the VPNs or road warriors IPsec
clients. 
-- 
kivinen@ssh.fi
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/

Follow-Ups:
- Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
  - From: itojun@iijlab.net
- Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
  - From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
- SEND vs. IPsec AH (was Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt...)
  - From: Pekka Nikander <pekka.nikander@nomadiclab.com>
- Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
  - From: Stephen Kent <kent@bbn.com>

References:
- Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
  - From: Pekka Nikander <pekka.nikander@nomadiclab.com>
- Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SENDWG experiences
  - From: Stephen Kent <kent@bbn.com>

Prev by Date: Re: AHbis WG LC: need for source address based selectors
Next by Date: Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
Prev by thread: Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SENDWG experiences
Next by thread: Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SEND WG experiences
Index(es):
- Date
- Thread