Re: [IPsec] Avoiding Authentication Header (AH)
Nico Williams <nico@cryptonector.com> Tue, 03 January 2012 23:41 UTC
Return-Path: <nico@cryptonector.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9D19811E808D for <ipsec@ietfa.amsl.com>; Tue, 3 Jan 2012 15:41:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.918
X-Spam-Level:
X-Spam-Status: No, score=-1.918 tagged_above=-999 required=5 tests=[AWL=0.059, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pglBSSc-VTru for <ipsec@ietfa.amsl.com>; Tue, 3 Jan 2012 15:41:49 -0800 (PST)
Received: from homiemail-a71.g.dreamhost.com (caiajhbdcaid.dreamhost.com [208.97.132.83]) by ietfa.amsl.com (Postfix) with ESMTP id 7723411E8097 for <ipsec@ietf.org>; Tue, 3 Jan 2012 15:41:48 -0800 (PST)
Received: from homiemail-a71.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTP id BC61C428096 for <ipsec@ietf.org>; Tue, 3 Jan 2012 15:41:47 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc :content-type:content-transfer-encoding; q=dns; s= cryptonector.com; b=CnPg+CjANhmSSrL2p6+6F0ahJiR8l2QYP8w/Aa+1nqRa 2jXGqr4PIbumjMeK6vA3dKBWsVR0UGRu36uK7eaCn6OoyE1j/jB48skVNd6X4o5g HAcXVk0zj1jbkGWPLfDSE6IaOqxqjLctE2AlCHFm5YMLkRk9vcRl2Luw22kkfag=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type:content-transfer-encoding; s= cryptonector.com; bh=4NeYnHAx3T0HXbUF87R02GEOomw=; b=psLVxjHljID hiGEFKs/y6M4JbJJw3tek12hZErGGSohsLyKpF4rDbJ1sqQntkGFu1vYNNuA4WRR y7H6MU6qqzuowSsWUxqM+/XV+ofEag15vu5cov1mZprG9zeYv6UJ0R/4rOD1kEl8 AmeLB30Vwj+DY79wGFwWR/07XLCAo+j8=
Received: from mail-pz0-f44.google.com (mail-pz0-f44.google.com [209.85.210.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a71.g.dreamhost.com (Postfix) with ESMTPSA id A724C428086 for <ipsec@ietf.org>; Tue, 3 Jan 2012 15:41:47 -0800 (PST)
Received: by dajz8 with SMTP id z8so15910011daj.31 for <ipsec@ietf.org>; Tue, 03 Jan 2012 15:41:47 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.211.161 with SMTP id nd1mr16637339pbc.50.1325634107132; Tue, 03 Jan 2012 15:41:47 -0800 (PST)
Received: by 10.68.10.234 with HTTP; Tue, 3 Jan 2012 15:41:47 -0800 (PST)
In-Reply-To: <470A0DC9-FD87-4EE4-8F23-227D86AD2B54@gmail.com>
References: <12533D04-6B3F-490F-935B-4F1FA612C938@gmail.com> <7C362EEF9C7896468B36C9B79200D8350D027BB46F@INBANSXCHMBSA1.in.alcatel-lucent.com> <F1B15794-3291-4E71-BE26-A3559F408B01@gmail.com> <CAK3OfOh6uCm_Zyt0HTx3TAYPVuJeVrJmEWcGBujGRx=m90NNTQ@mail.gmail.com> <31DFE5C9-2DE0-4A1B-A216-AE8F47E75109@gmail.com> <CAK3OfOik9o6+PJYrXCgJqiG=Ys2GL_u4n8HZzSt=-qhJBjJxgg@mail.gmail.com> <470A0DC9-FD87-4EE4-8F23-227D86AD2B54@gmail.com>
Date: Tue, 03 Jan 2012 17:41:47 -0600
Message-ID: <CAK3OfOgC-K5hPiJrGhjUPwNu4Lyq9fW_1OtBuA0RvFEfunv=iQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: IPsec ME WG List <ipsec@ietf.org>
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 23:41:49 -0000
On Mon, Jan 2, 2012 at 7:34 PM, RJ Atkinson <rja.lists@gmail.com> wrote: > On 02 Jan 2012, at 20:06 , Nico Williams wrote: >> On Mon, Jan 2, 2012 at 6:45 PM, RJ Atkinson <rja.lists@gmail.com> wrote: >> With tunnel mode you effectively repeat the options inside and outside >> the tunnel. > > One could repeat the headers; some implementations don't. > It doesn't help transit devices to repeat the headers > if they can't validate them before acting upon them. > >> Routers can't validate the integrity protection >> regardless of whether AH or ESP-NULL in tunnel mode is used, > > Disagree. Intermediate authentication can be performed > by routers/firewalls, at least when AH is used. The > router/firewall could then act on the options in the > packet having reasonable assurance that the option itself, > and its contents, were valid for that packet. OK, so you have networks using manually keyed SAs with routers/firewalls sharing the same SAs. I hadn't considered that as it isn't exactly scalable. But fair enough. >> but assuming that an attacker can only modify options at one place in the >> path then the recipient can see that options were modified. > > Unfortunately, it is not really a generally valid assumption > that there is only 1 potential attack point along a path. I elided the point that an attacker who can modify the packets close to the sender and recipient could hide any in-flight changes from the recipient. But if there are middle-boxes with access to the SAs' keys then that doesn't apply. >>> Sadly, at present there is still no 100% reliable >>> method for parsing past an ESP header with NULL encryption. >>> There are various documents describing methods which >>> have various success probabilities, but none that is >>> 100% reliable. >> >> Sure, this is necessarily true until any replacement for AH is >> universally deployed and that indicates that only integrity >> protection is provided. > > If some such mechanism exists, and if it provides 100% reliable > ability to parse-past/parse-into, and if it is plausibly efficient > to parse-into/parse-past in real-time for high-performance > switches/routers/firewalls, then this discussion might be > more useful than it is at present. That is rather a lot > of IFs, however, none of which seem true today. Fair enough. Nico --
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Venkatesh Sriram
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] WESP and reliability RJ Atkinson
- Re: [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] WESP and reliability Bhatia, Manav (Manav)
- Re: [IPsec] WESP and reliability Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Sean Turner
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Markku Savela
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Yoav Nir
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Panos Kampanakis