Re: AH (without ESP) on a secure gateway
mckenney@mitre.org (Brian McKenney) Wed, 04 December 1996 14:02 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id JAA26254 for ipsec-outgoing; Wed, 4 Dec 1996 09:02:39 -0500 (EST)
Date: Wed, 04 Dec 1996 09:02:40 -0500
X-Sender: mckenney@smiley.mitre.org
Message-Id: <v01510101aecae55b0c59@[128.29.140.130]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Steven Bellovin <smb@research.att.com>
From: mckenney@mitre.org
Subject: Re: AH (without ESP) on a secure gateway
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
>It's very clear to me that firewall-to-firewall IPSEC -- whether it's
>ESP or AH -- should be done *only* in tunnel mode. To do otherwise
>is inviting trouble. In fact, I had thought that was what was done --
>no other possibility had occurred to me.

This is more of an implementation issue than a standards issue. If you have an IPSEC-compliant firewall, then ESP Transport Mode could be used for firewall-to-firewall encryption. Vendors should note in their documentation the possible problems and issues with this mode for firewall-to-firewall communications. The documentation should address threat environments, likelihood of threats, and whether some threats go away with certain transforms. Maybe Section 5.1, Use with Firewalls (in Security Architecture for the Internet Protocol), should provide a discussion of this issue. Your concerns also apply to desktop-to-desktop IPSEC.

An example of standard vs. implementation is key management. The standard notes that manual key management can be performed. I remember reading one vendor manual that provides a warning that you should not communicate SA attributes over a cordless telephone. This is completely outside the scope of the standard.

-Brian
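The difference the two posts argue over, transport mode versus tunnel mode between two security gateways, is easiest to see at the byte level. The following is an added example written for this archive page, not code from either poster or from any IPsec implementation: it models ESP encapsulation in both modes, shows what a passive observer between the gateways can read in each case, and expresses the "gateway-to-gateway SAs must use tunnel mode" rule as a policy check. Header layouts follow ESP (SPI, sequence number, padded payload, pad length, next header); the host and gateway addresses, the SPI, and the key are constructed for the demonstration, and the "cipher" is a placeholder XOR so the script runs offline with no dependencies. Authentication data is omitted from the model.

```python
"""Added example: ESP transport mode vs. tunnel mode between two gateways.
Not from the original post; all addresses, SPI and key are constructed."""
import struct
import ipaddress
from typing import Tuple

ESP_PROTO = 50        # IP protocol number for ESP
IP_IN_IP = 4          # next-header value for an encapsulated IPv4 datagram
IP_PROTO_TCP = 6
IPV4_HDR_LEN = 20


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal IPv4 header: no options, checksum left at zero for the model."""
    total_len = IPV4_HDR_LEN + payload_len
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )


def parse_ipv4_header(pkt: bytes) -> dict:
    (_vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:IPV4_HDR_LEN])
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "total_len": total_len}


def toy_encrypt(data: bytes, key: bytes) -> bytes:
    """Placeholder for a real ESP transform. XOR only; NOT secure."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def esp_encapsulate(payload: bytes, next_header: int, spi: int, seq: int, key: bytes) -> bytes:
    """ESP header (SPI, seq) followed by encrypted [payload | pad | pad_len | next_header]."""
    pad_len = (-(len(payload) + 2)) % 4           # align the trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header])
    return struct.pack("!II", spi, seq) + toy_encrypt(payload + trailer, key)


def esp_decapsulate(esp: bytes, key: bytes) -> Tuple[bytes, int]:
    """Reverse of esp_encapsulate: returns (payload, next_header)."""
    plain = toy_encrypt(esp[8:], key)             # XOR is its own inverse
    pad_len, next_header = plain[-2], plain[-1]
    return plain[:-(pad_len + 2)], next_header


def transport_mode(orig_pkt: bytes, spi: int, seq: int, key: bytes) -> bytes:
    """Transport mode keeps the original IP header; ESP covers only the payload.
    Between gateways this means the end hosts' addresses stay on the wire and
    the packet is still addressed to the inner destination, not the peer gateway."""
    hdr = parse_ipv4_header(orig_pkt)
    esp = esp_encapsulate(orig_pkt[IPV4_HDR_LEN:], hdr["proto"], spi, seq, key)
    return build_ipv4_header(hdr["src"], hdr["dst"], ESP_PROTO, len(esp)) + esp


def tunnel_mode(orig_pkt: bytes, gw_local: str, gw_peer: str, spi: int, seq: int, key: bytes) -> bytes:
    """Tunnel mode: the whole original datagram becomes the ESP payload and a new
    outer IP header carries it gateway-to-gateway."""
    esp = esp_encapsulate(orig_pkt, IP_IN_IP, spi, seq, key)
    return build_ipv4_header(gw_local, gw_peer, ESP_PROTO, len(esp)) + esp


def on_the_wire(pkt: bytes) -> dict:
    """What an observer between the gateways can read without the key."""
    hdr = parse_ipv4_header(pkt)
    spi, seq = struct.unpack("!II", pkt[IPV4_HDR_LEN:IPV4_HDR_LEN + 8])
    return {"src": hdr["src"], "dst": hdr["dst"], "proto": hdr["proto"], "spi": spi, "seq": seq}


def check_gateway_policy(mode: str, pkt_src: str, pkt_dst: str, gw_local: str, gw_peer: str) -> bool:
    """The rule from the thread as a policy check: if the SA endpoints are gateways
    rather than the packet's own source and destination, only tunnel mode is acceptable."""
    gateway_sa = (pkt_src, pkt_dst) != (gw_local, gw_peer)
    return mode == "tunnel" or not gateway_sa


if __name__ == "__main__":
    # Constructed sample: host A behind gateway GW_A talks to host B behind GW_B.
    HOST_A, HOST_B = "10.1.0.5", "10.2.0.7"
    GW_A, GW_B = "192.0.2.1", "198.51.100.1"
    key = b"k"
    inner = build_ipv4_header(HOST_A, HOST_B, IP_PROTO_TCP, 12) + b"hello world!"

    print("transport:", on_the_wire(transport_mode(inner, 0x1000, 1, key)))
    print("tunnel:   ", on_the_wire(tunnel_mode(inner, GW_A, GW_B, 0x1000, 1, key)))
    print("transport allowed for gateway SA?",
          check_gateway_policy("transport", HOST_A, HOST_B, GW_A, GW_B))
```

Running the script shows the transport-mode packet leaving the gateway with 10.1.0.5 -> 10.2.0.7 in the outer header, so the inner hosts are exposed to anyone on the path and the peer gateway is not the IP destination, while the tunnel-mode packet shows only 192.0.2.1 -> 198.51.100.1. The policy function returns False for transport mode on the gateway SA and True once tunnel mode is selected, which is the check an implementation would apply before Brian's "vendor documentation" ever has to warn about the problem.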