Re[2]: AH (without ESP) on a secure gateway

Stephen Kent <kent@bbn.com> Wed, 04 December 1996 16:48 UTC

Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA26774 for ipsec-outgoing; Wed, 4 Dec 1996 11:48:08 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007801aecb5b44e8f7@[128.89.0.110]>
In-Reply-To: <9611048497.AA849717071@netx.nei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 04 Dec 1996 11:51:43 -0500
To: "Whelan, Bill" <bwhelan@nei.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re[2]: AH (without ESP) on a secure gateway
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Bill,

	You were absolutely right to raise this issue; the debate that
ensued, on both sides, clearly showed the need for the discussion.  I think
the architecture and AH specs have not been clear about this.  In fact, I
am willing to bet that my re-write didn't get this right either!  Contrary
to the suggestion made by Brian McKenney, I do think this is a standards
issue.  If two security gateways (to use the terminology in the IPSEC
documents) choose to use AH in transport mode between themselves, to create
an authenticated and integrity protected security association for all
traffic between the sites, this will impinge on the ability of subscriber
hosts served by these gateways to make use of AH in transport mode.  Thus,
to avoid deployment of security gateways that can be configured in a
fashion that would cause such problems, and because there are alternative
IPSEC configurations that will achieve the desired security goals, I think
it imperative that the standards prohibit this use of AH.

Steve