
RE: [Ipsec] Is AH + ESP required or needed in IKEv2



I expect using ESP and AH together as you describe will be an obscure
case, and if we could have ruled them out early in the design of IKEv2
it could have simplified things. I hope that it's too late to remove the
option in this revision of IKE - perhaps if we can agree that no one
would ever want to do it, it could be removed from the next one. This
configuration used to have some vocal adherents, though that was long
ago.

I believe there are two distinct cases that RFC2401bis has to deal with,
but IKE only has to deal with one of them.

An endpoint could have an IPsec SA to a firewall and within that tunnel
have an IPsec SA to an endpoint beyond the firewall. One could imagine
cases where there are an unbounded number of such nested tunnels all
terminating at the same endpoint. RFC2401bis has to deal with that.

IKE is more oblivious because the recursion is not built in. In the
example above, one instance of IKE could negotiate the tunnel to the
firewall and then a second instance of IKE would run through the tunnel
to negotiate the IPsec SA with the other endpoint. Timeouts would occur
independently, and one could imagine the inner tunnel getting rerouted
through a different outer tunnel if configurations changed. The
authenticated identities would be different on the different tunnels.
They might even be different at the common endpoint. The outer tunnel
might authenticate as the computer while the inner tunnel might
authenticate as the user.

This is entirely different from the case where ESP and AH are negotiated
together. It would be artificial and awkward to first establish the AH
tunnel and to then tunnel a second IKE exchange inside the AH tunnel to
negotiate ESP. The double authentication would be wasteful and
confusing. So I believe it's appropriate that IKE understand this double
protocol case.

As I reread this note, I apologize for how confusing it is. I hope that
the few people into this esoteric stuff will be able to parse it.

	--Charlie


-----Original Message-----
From: ipsec-bounces@ietf.org [mailto:ipsec-bounces@ietf.org] On Behalf
Of Tero Kivinen
Sent: Wednesday, August 25, 2004 3:55 AM
To: ipsec@ietf.org
Cc: Charlie Kaufman; kent@bbn.com
Subject: [Ipsec] Is AH + ESP required or needed in IKEv2

The current IKEv2 draft still has this feature that we can negotiate
two protocols at the same time, i.e. we can negotiate AH with SHA-1 and
ESP with AES using one IKE exchange (between same endpoints, i.e.
traffic selectors are proto=any, IPi=A, IPr=B).

To my understanding the RFC2401bis does not require this feature
anymore, but it assumes that such constructs are negotiated so that we
first negotiate the AH with SHA-1 where its traffic selectors are set
to proto=ESP, IPi=A, IPr=B and then we do second IKE exchange and
negotiate ESP SA between the nodes having traffic selectors proto=ANY,
IPi=A, IPr=B.

Is my understanding correct?

So this means that all IKE security association payloads always have a
list of proposals which all only have one protocol inside.
-- 
kivinen@safenet-inc.com

_______________________________________________
Ipsec mailing list
Ipsec@ietf.org
https://www1.ietf.org/mailman/listinfo/ipsec
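As an added example (not part of either message above, and not code from the IETF or any IKEv2 implementation), the following Python encodes and parses IKEv2 SA payload proposal and transform substructures and checks whether an SA payload carries the AH+ESP bundle Tero asks about, or the one-protocol-per-exchange form he attributes to RFC2401bis. It assumes the proposal-numbering convention of the IKEv2 drafts and RFC 4306: consecutive proposals with the same proposal number are ANDed (AH and ESP negotiated together), a number one higher starts an alternative; later revisions (RFC 5996/7296) dropped the AND form. The SPIs, transform choices and the `Proposal`/`Transform` names are constructed for the example.

```python
"""Encode/decode IKEv2 SA payload proposals and detect an AH+ESP bundle.

Wire format: IKEv2 proposal and transform substructures (RFC 4306 s3.3).
Assumed numbering rule: consecutive proposals with the same proposal number
are ANDed (two protocols in one exchange); number+1 starts an alternative.
All SPIs and algorithm choices below are constructed sample data.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_IKE, PROTO_AH, PROTO_ESP = 1, 2, 3          # Protocol ID field
TT_ENCR, TT_PRF, TT_INTEG, TT_DH, TT_ESN = 1, 2, 3, 4, 5  # Transform Type
ENCR_AES_CBC = 12                                  # Transform IDs
AUTH_HMAC_SHA1_96 = 2
ESN_NONE = 0
ATTR_KEY_LENGTH = 14                               # TV attribute: AES key bits


@dataclass
class Transform:
    ttype: int
    tid: int
    key_len: Optional[int] = None


@dataclass
class Proposal:
    number: int
    protocol: int
    spi: bytes
    transforms: List[Transform]


def encode_transform(t: Transform, last: bool) -> bytes:
    attrs = b""
    if t.key_len is not None:                      # AF=1 (TV form), type 14
        attrs = struct.pack("!HH", 0x8000 | ATTR_KEY_LENGTH, t.key_len)
    body = struct.pack("!BBH", t.ttype, 0, t.tid) + attrs
    return struct.pack("!BBH", 0 if last else 3, 0, 4 + len(body)) + body


def encode_proposal(p: Proposal, last: bool) -> bytes:
    n = len(p.transforms)
    tr = b"".join(encode_transform(t, i == n - 1) for i, t in enumerate(p.transforms))
    body = struct.pack("!BBBB", p.number, p.protocol, len(p.spi), n) + p.spi + tr
    return struct.pack("!BBH", 0 if last else 2, 0, 4 + len(body)) + body


def encode_sa_payload(proposals: List[Proposal], next_payload: int = 0) -> bytes:
    n = len(proposals)
    body = b"".join(encode_proposal(p, i == n - 1) for i, p in enumerate(proposals))
    return struct.pack("!BBH", next_payload, 0, 4 + len(body)) + body


def parse_sa_payload(data: bytes) -> List[Proposal]:
    """Walk the generic payload header, then each proposal and its transforms."""
    _, _, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("SA payload length %d != %d bytes" % (length, len(data)))
    off, proposals = 4, []
    while off < length:
        _, _, plen, num, proto, spi_size, ntrans = struct.unpack("!BBHBBBB", data[off:off + 8])
        spi = data[off + 8:off + 8 + spi_size]
        toff, transforms = off + 8 + spi_size, []
        for _ in range(ntrans):
            _, _, tlen, ttype, _, tid = struct.unpack("!BBHBBH", data[toff:toff + 8])
            key_len, aoff = None, toff + 8
            while aoff < toff + tlen:                 # attributes (TV form only)
                atype, aval = struct.unpack("!HH", data[aoff:aoff + 4])
                if not atype & 0x8000:
                    raise ValueError("TLV attributes not handled in this example")
                if atype & 0x7FFF == ATTR_KEY_LENGTH:
                    key_len = aval
                aoff += 4
            transforms.append(Transform(ttype, tid, key_len))
            toff += tlen
        proposals.append(Proposal(num, proto, spi, transforms))
        off += plen
    return proposals


def group_bundles(proposals: List[Proposal]) -> List[List[Proposal]]:
    """Same number as previous = AND (bundle); previous+1 = next alternative."""
    bundles: List[List[Proposal]] = []
    prev = 0
    for p in proposals:
        if p.number == prev + 1:
            bundles.append([p])
        elif p.number == prev and bundles:
            if any(q.protocol == p.protocol for q in bundles[-1]):
                raise ValueError("protocol %d repeated in bundle %d" % (p.protocol, p.number))
            bundles[-1].append(p)
        else:
            raise ValueError("bad proposal numbering: %d after %d" % (p.number, prev))
        prev = p.number
    return bundles


def uses_protocol_bundle(sa_payload: bytes) -> bool:
    """True if any alternative negotiates more than one protocol in one exchange."""
    return any(len(b) > 1 for b in group_bundles(parse_sa_payload(sa_payload)))


# Constructed sample proposals: AH with HMAC-SHA1-96, ESP with AES-CBC-128.
AH_SHA1 = Proposal(1, PROTO_AH, bytes.fromhex("00001001"),
                   [Transform(TT_INTEG, AUTH_HMAC_SHA1_96), Transform(TT_ESN, ESN_NONE)])
ESP_AES = Proposal(1, PROTO_ESP, bytes.fromhex("00002001"),
                   [Transform(TT_ENCR, ENCR_AES_CBC, 128),
                    Transform(TT_INTEG, AUTH_HMAC_SHA1_96), Transform(TT_ESN, ESN_NONE)])
AH_PLUS_ESP = [AH_SHA1, ESP_AES]   # one exchange, two protocols (the bundle case)
AH_ONLY = [AH_SHA1]                # one protocol per exchange (two-exchange form)
ESP_ONLY = [ESP_AES]

if __name__ == "__main__":
    for name, props in (("AH+ESP bundle", AH_PLUS_ESP), ("AH only", AH_ONLY), ("ESP only", ESP_ONLY)):
        sa = encode_sa_payload(props)
        print("%-14s %3d bytes  bundle=%s" % (name, len(sa), uses_protocol_bundle(sa)))
```

In the two-exchange form Tero describes, the AH-only payload above would be negotiated first with traffic selectors proto=ESP, and the ESP-only payload in a second exchange inside it; the bundle form puts both protocols under proposal number 1 in a single payload, which is exactly what `uses_protocol_bundle` flags.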
