Re[2]: AH (without ESP) on a secure gateway
mckenney@mitre.org (Brian McKenney) Wed, 04 December 1996 18:33 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id NAA27189 for ipsec-outgoing; Wed, 4 Dec 1996 13:33:11 -0500 (EST)
Date: Wed, 04 Dec 1996 13:32:57 -0500
X-Sender: mckenney@smiley.mitre.org
Message-Id: <v01510100aecb2673d009@[128.29.140.130]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
To: Stephen Kent <kent@bbn.com>
From: mckenney@mitre.org
Subject: Re[2]: AH (without ESP) on a secure gateway
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Steve, I agree with you. My statement was too strong. I did suggest that these issues (the issue of tunnel mode only for firewall-to-firewall communications raised by Steve Bellovin) be discussed in one or more of the RFCs (e.g., Section 5.1, Use With Firewalls, in Security Architecture for Internet Protocol). The point I was making (or tried to make) is that the selection of particular configurable options or parameters defined in a standard may not be safe for specific threat environments. If these issues (or red flags) with particular IPSEC configurations are not discussed in the standard, then they should be discussed in vendor product literature.

-Brian

>Bill,
>
> You were absolutely right to raise this issue; the debate that
>ensued, on both sides, clearly showed the need for the discussion. I think
>the architecture and AH specs have not been clear about this. In fact, I
>am willing to bet that my re-write didn't get this right either! Contrary
>to the suggestion made by Brian McKenney, I do think this is a standards
>issue. If two security gateways (to use the terminology in the IPSEC
>documents) choose to use AH in transport mode between themselves, to create
>an authenticated and integrity protected security association for all
>traffic between the sites, this will impinge on the ability of subscriber
>hosts served by these gateways to make use of AH in transport mode. Thus,
>to avoid deployment of security gateways that can be configured in a
>fashion that would cause such problems, and because there are alternative
>IPSEC configurations that will achieve the desired security goals, I think
>it imperative that the standards prohibit this use of AH.
>
>Steve
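The quoted message contrasts two ways a pair of security gateways could protect inter-site traffic with AH: applying AH in transport mode to the subscriber hosts' own packets, or building an AH tunnel between the gateways. The Python model below is added to this archive page and is not code from the thread or from any IPsec implementation. It builds both packet layouts over a host packet that already carries its own transport-mode AH (AH field order as in RFC 2402, HMAC-SHA1-96 over the packet with the mutable IP fields zeroed) and reports the (destination address, SPI) pair by which IPsec identifies each security association. The addresses, SPIs, keys and payload are constructed sample values.

```python
import hashlib
import hmac
import ipaddress
import struct

AH = 51        # IP protocol number of the Authentication Header
IPIP = 4       # Next Header value a tunnel-mode AH carries (IP-in-IP)
UDP = 17
AH_FIXED = 12  # Next Header, Payload Len, Reserved, SPI, Sequence Number
ICV_LEN = 12   # HMAC-SHA1-96 truncated authentication data


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """20-byte IPv4 header; checksum left zero (mutable, not authenticated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def _icv_input(ip_hdr, ah_fixed, rest):
    """Bytes the AH ICV covers: IP header with mutable fields (TOS, flags and
    fragment offset, TTL, checksum) zeroed, AH with a zero ICV, then the rest."""
    z = bytearray(ip_hdr)
    z[1] = 0
    z[6:8] = b"\x00\x00"
    z[8] = 0
    z[10:12] = b"\x00\x00"
    return bytes(z) + ah_fixed + bytes(ICV_LEN) + rest


def _ah_fixed(next_hdr, spi, seq):
    payload_len = (AH_FIXED + ICV_LEN) // 4 - 2  # AH length in 32-bit words minus 2
    return struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq)


def ah_wrap(key, spi, seq, src, dst, next_hdr, rest):
    """Emit IP(src->dst) | AH | rest. An upper-layer payload as `rest` gives
    transport mode; a whole inner IP packet with next_hdr=IPIP gives tunnel mode."""
    ip_hdr = ipv4_header(src, dst, AH, AH_FIXED + ICV_LEN + len(rest))
    fixed = _ah_fixed(next_hdr, spi, seq)
    icv = hmac.new(key, _icv_input(ip_hdr, fixed, rest), hashlib.sha1).digest()[:ICV_LEN]
    return ip_hdr + fixed + icv + rest


def ah_unwrap(key, pkt):
    """Verify the outermost AH; return (next_hdr, spi, dst, rest) or raise."""
    ip_hdr, fixed = pkt[:20], pkt[20:20 + AH_FIXED]
    next_hdr, _, _, spi, _ = struct.unpack("!BBHII", fixed)
    icv, rest = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    want = hmac.new(key, _icv_input(ip_hdr, fixed, rest), hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, want):
        raise ValueError("AH ICV mismatch")
    return next_hdr, spi, str(ipaddress.IPv4Address(ip_hdr[16:20])), rest


def gw_transport_insert(key, spi, seq, host_pkt):
    """Gateway applies AH in transport mode to a subscriber host's packet: its
    AH goes right after the host's IP header, which keeps the hosts' addresses."""
    src = str(ipaddress.IPv4Address(host_pkt[12:16]))
    dst = str(ipaddress.IPv4Address(host_pkt[16:20]))
    return ah_wrap(key, spi, seq, src, dst, host_pkt[9], host_pkt[20:])


def gw_transport_strip(key, pkt):
    """Peer gateway removes its transport-mode AH and rebuilds the host's header."""
    next_hdr, _, dst, rest = ah_unwrap(key, pkt)
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    return ipv4_header(src, dst, next_hdr, len(rest)) + rest


def compare_configurations():
    """Run both gateway options over one host packet that already carries AH
    in transport mode; report the (dst, SPI) pair identifying each SA."""
    host_key, gw_key = b"host-key-constructed", b"gateway-key-constructed"
    HA, HB, GA, GB = "10.1.0.7", "10.2.0.9", "192.0.2.1", "198.51.100.1"
    host_pkt = ah_wrap(host_key, 0x1001, 1, HA, HB, UDP, b"constructed UDP payload")

    # Option 1: AH tunnel between gateways; the gateway SA is keyed to GB.
    tun = ah_wrap(gw_key, 0x2002, 1, GA, GB, IPIP, host_pkt)
    _, tun_spi, tun_dst, inner = ah_unwrap(gw_key, tun)

    # Option 2: gateway AH in transport mode on the host's own packet; the
    # gateway SA is keyed to HB, the same address as the host's own SA.
    xport = gw_transport_insert(gw_key, 0x2002, 1, host_pkt)
    _, x_spi, x_dst, _ = ah_unwrap(gw_key, xport)

    return {
        "host_sa": (HB, 0x1001),
        "tunnel_gw_sa": (tun_dst, tun_spi),
        "tunnel_outer_next_header": tun[20],
        "tunnel_restores_host_packet": inner == host_pkt,
        "transport_gw_sa": (x_dst, x_spi),
        "transport_outer_next_header": xport[20],
        "transport_restores_host_packet": gw_transport_strip(gw_key, xport) == host_pkt,
    }


if __name__ == "__main__":
    for k, v in compare_configurations().items():
        print(f"{k}: {v}")
```

Both options hand the peer host its original AH-protected packet byte for byte, so the difference is not in the bytes but in how the gateways' SA is identified: in the tunnel option the outer header carries the gateways' addresses and the gateway SA is (198.51.100.1, 0x2002), separate from the host's (10.2.0.9, 0x1001); in the transport option the gateway SA is (10.2.0.9, 0x2002), keyed to the subscriber host's address and sharing that address's SPI space with the host's own AH.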
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer