Re: Re[2]: AH (without ESP) on a secure gateway

Ran Atkinson <rja@cisco.com> Wed, 04 December 1996 19:25 UTC

Date: Wed, 04 Dec 1996 11:11:35 -0800
From: Ran Atkinson <rja@cisco.com>
Message-Id: <199612041911.LAA02222@cornpuffs.cisco.com>
To: ipsec@tis.com
Subject: Re: Re[2]: AH (without ESP) on a secure gateway
In-Reply-To: <v03007802aec93e33ca30@[128.33.229.245]>
References: <9611028495.AA849549400@netx.nei.com>
Organization: cisco Systems
Cc: rja@cisco.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

	I believe that ESP should continue to always imply that encryption is
in use.  The presence/absence of encryption is the primary reason that AH is
separate from ESP.  Were it not for the political realities of regulation of
encryption in various locales, AH and ESP would not have been separate
protocols in the first place.  I am aware of cases where in practice more than
one government regulatory authority has been persuaded to handle AH export/use
licensing with significantly less hassle BECAUSE the AH spec does not support
encryption.

	I am aware that many implementers of AH have in fact implemented a
"tunnel-mode AH" (which looks like this: [ip:r1->r2][ah][ip:h1->h2][ulp],
where r1,r2 are security gateways and h1,h2 are end nodes).  I believe that
the best approach is to simply add a definition of this tunnel-mode AH into
the AH base specification.  This also has the virtue of having the least
amount of negative impact on interoperability of existing AH implementations.

Comments ?

Ran
rja@cisco.com

AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway pau
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway William Allen Simpson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway David P. Kemp
Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway Daniel Harkins
Re: AH (without ESP) on a secure gateway Hilarie Orman
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
Re[4]: AH (without ESP) on a secure gateway Karl Fox
Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[5]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
Re: AH (without ESP) on a secure gateway Stephen Kent
Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Brian McKenney
Re: AH (without ESP) on a secure gateway Perry E. Metzger
Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Brian McKenney
Re: AH (without ESP) on a secure gateway Ran Atkinson
Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
Re: AH (without ESP) on a secure gateway Bill Sommerfeld
Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
Re: AH (without ESP) on a secure gateway Daniel Harkins
Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer