IETF Logo Mail Archive

Re: [IPsec] Avoiding Authentication Header (AH)

Nico Williams <nico@cryptonector.com> Tue, 03 January 2012 01:06 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03EA321F8575 for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 17:06:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.914
X-Spam-Level:
X-Spam-Status: No, score=-1.914 tagged_above=-999 required=5 tests=[AWL=0.064, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iGutbEvBBRgY for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 17:06:19 -0800 (PST)
Received: from homiemail-a88.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by ietfa.amsl.com (Postfix) with ESMTP id 3A29F21F856E for <ipsec@ietf.org>; Mon, 2 Jan 2012 17:06:19 -0800 (PST)
Received: from homiemail-a88.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a88.g.dreamhost.com (Postfix) with ESMTP id DE78E26406C for <ipsec@ietf.org>; Mon, 2 Jan 2012 17:06:18 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=fIz5SWtec1dm97Y42P6NAsaQB+cPy5ObApfaTgkvOUfk lovygy3Z/iI6FHFLGdhJCxUAJqznmJYvXzaEY6MN9o8S+6ybtV0cKOtNsaWEyYhi jqHmWqzhzhkZzfaqSIGLcHMPkR6MLK/Qr9LxXa4Y/YGTMOxRwBLPtqC0nwKaC/k=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=w9+ibiG0khUX4v3M3drXIQRv3Ns=; b=pQBquW0cDL3 wceAoQkOhkwQwtoQGIYu4C2AGac0ti5K7NwrZkfRAAVJcsPuswA0O16/If7WPLm8 QsXupNel8H/5bm1SF/g4KQjkOCyMDZL0wGx77xxU2kTZYahC054JDlsYvoWOQ+7I Rqx3fmJ3l/ecMKEtRPgFmYxX7culnH3I=
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a88.g.dreamhost.com (Postfix) with ESMTPSA id C15CC26406A for <ipsec@ietf.org>; Mon, 2 Jan 2012 17:06:18 -0800 (PST)
Received: by dajz8 with SMTP id z8so15206298daj.31 for <ipsec@ietf.org>; Mon, 02 Jan 2012 17:06:18 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.211.161 with SMTP id nd1mr7363537pbc.50.1325552778486; Mon, 02 Jan 2012 17:06:18 -0800 (PST)
Received: by 10.68.10.234 with HTTP; Mon, 2 Jan 2012 17:06:18 -0800 (PST)
In-Reply-To: <31DFE5C9-2DE0-4A1B-A216-AE8F47E75109@gmail.com>
References: <12533D04-6B3F-490F-935B-4F1FA612C938@gmail.com> <7C362EEF9C7896468B36C9B79200D8350D027BB46F@INBANSXCHMBSA1.in.alcatel-lucent.com> <F1B15794-3291-4E71-BE26-A3559F408B01@gmail.com> <CAK3OfOh6uCm_Zyt0HTx3TAYPVuJeVrJmEWcGBujGRx=m90NNTQ@mail.gmail.com> <31DFE5C9-2DE0-4A1B-A216-AE8F47E75109@gmail.com>
Date: Mon, 02 Jan 2012 19:06:18 -0600
Message-ID: <CAK3OfOik9o6+PJYrXCgJqiG=Ys2GL_u4n8HZzSt=-qhJBjJxgg@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: IPsec ME WG List <ipsec@ietf.org>
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 01:06:20 -0000

On Mon, Jan 2, 2012 at 6:45 PM, RJ Atkinson <rja.lists@gmail.com> wrote:
> On 02  Jan 2012, at 19:28 , Nico Williams wrote:
>> On Mon, Jan 2, 2012 at 3:11 PM, RJ Atkinson <rja.lists@gmail.com> wrote:
>>> I gave a list earlier of a number of different scenarios where
>>> and reasons why AH is used.  A subset of that list:
>>>        - ESP null does not protect options/optional headers.
>>
>> ESP in tunnel mode is supposed to be the replacement for AH,
>> and gets you this.
>
> Sadly, it cannot do so.
>
> Tunnel-mode isn't especially helpful here -- particularly
> for options or optional headers that are intended to be
> read/seen and their contents considered when forwarding
> transit IP packets.

With tunnel mode you effectively repeat the options inside and outside
the tunnel.  Routers can't validate the integrity protection
regardless of whether AH or ESP-NULL in tunnel mode is used, but
assuming that an attacker can only modify options at one place in the
path then the recipient can see that options were modified.

This is applies to both, IPv4 and v6.

>>>        - ESP null cannot reliably be parsed past.
>>
>> WESP is supposed to provide this.
>
> Sadly, at present there is still no 100% reliable
> method for parsing past an ESP header with NULL encryption.
> There are various documents describing methods which
> have various success probabilities, but none that is
> 100% reliable.

Sure, this is necessarily true until any replacement for AH is
universally deployed and that indicates that only integrity protection
is provided.

Nico
--

v2.23.0 | Report a Bug | By Email