Re: AH (without ESP) on a secure gateway

"Perry E. Metzger" <perry@piermont.com> Wed, 04 December 1996 15:17 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id KAA26600 for ipsec-outgoing; Wed, 4 Dec 1996 10:17:43 -0500 (EST)
Message-Id: <199612041519.KAA13479@jekyll.piermont.com>
X-Authentication-Warning: jekyll.piermont.com: [[UNIX: localhost]] didn't use HELO protocol
To: Steven Bellovin <smb@research.att.com>
cc: Stephen Kent <kent@bbn.com>, Michael Richardson <mcr@sandelman.ottawa.on.ca>, ipsec@tis.com
Subject: Re: AH (without ESP) on a secure gateway
In-reply-to: Your message of "Tue, 03 Dec 1996 23:58:30 EST." <199612040458.XAA18260@raptor.research.att.com>
Reply-To: perry@piermont.com
X-Reposting-Policy: redistribute only with permission
Date: Wed, 04 Dec 1996 10:19:49 -0500
From: "Perry E. Metzger" <perry@piermont.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Steven Bellovin writes:
> It's very clear to me that firewall-to-firewall IPSEC -- whether it's
> ESP or AH -- should be done *only* in tunnel mode.  To do otherwise
> is inviting trouble.  In fact, I had thought that was what was done --
> no other possibility had occurred to me.

Nor to me, for that matter, when the idea originated in the hallway at
Toronto a couple of years ago.

> There's a second issue that has come up here -- how does one know which
> the right firewall is?  This is one of the points I raised at the last
> IETF meeting; in my opinion, it's very closely related to the naming
> issue and the certificate issue, and we haven't really tackled either
> of those.

A notable void in our work to date...

Perry