Re: AH (without ESP) on a secure gateway
Steven Bellovin <smb@research.att.com> Thu, 05 December 1996 02:27 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id VAA28042 for ipsec-outgoing; Wed, 4 Dec 1996 21:27:46 -0500 (EST)
Message-Id: <199612050226.VAA02599@raptor.research.att.com>
To: Daniel Harkins <dharkins@cisco.com>
cc: dpkemp@missi.ncsc.mil, ipsec@tis.com
Subject: Re: AH (without ESP) on a secure gateway
Date: Wed, 04 Dec 1996 21:26:05 -0500
From: Steven Bellovin <smb@research.att.com>
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
> David P. Kemp wrote: > > > From: Steven Bellovin <smb@research.att.com> > > > > > > There's a second issue that has come up here -- how does one know which > > > the right firewall is? This is one of the points I raised at the last > > > IETF meeting; in my opinion, it's very closely related to the naming > > > issue and the certificate issue, and we haven't really tackled either > > > of those. (See ftp://ftp.research.att.com/dist/smb/ipsec-cert.ps for > > > the (few) slides I used.) > > > > I thought there was only one firewall - Cheswick & Bellovin's > > collection of components that can't be bypassed. Therefore there > > isn't a "right" firewall. > > I think what he means is something you allude to later on when you mention > setting a policy to choose tunnel endpoints. How do you identify the > endpoint? How are you assured that FW A is, in fact, the appropriate on > with which to establish a connection? > > > > > +------+ ------------ > > +-------| FW A |>-----/ \ > > | +------+ | | > > +--------+ | | The Internet | +--------+ > > | Host 1 |------+ LAN | |----<| Host 6 | > > +--------+ | | | +--------+ > > | +------+ | | > > +-------| FW B |>----| | > > +------+ \ / > > ------------ > > > > If Host 6 initiates a connection to Host 1, it shouldn't matter whether > > the first packet of the SA setup gets routed to box "FW A" or "FW B" - > > they are both part of the firewall that isolates Host 1 from the Net. > > If the packet is addressed to Host 1 I would imagine either FW A or FW B > would drop it-- else they're not very good firewalls. Host 6 must decide what > the encrypting firewall for host 1 is-- what is the "right" firewall-- and > address packets to it. That is the crux of the problem. Once the SAs between > FW (whatever) and Host 6 are established it's plain old tunnel mode IPsec: > > [IP:host6->FWx] [ESP] [IP:host6->host1] [blah] > > Dan. Basically. More to the point, you want to make sure that hackers-r-us.edu doesn't claim to the the firewall for spooks.nsa.gov (or some such). Either spooks.nsa.gov or nsa.gov can delegate such control -- and we need mechanisms to check that.
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer