Re[2]: AH (without ESP) on a secure gateway
Stephen Kent <kent@bbn.com> Wed, 04 December 1996 16:48 UTC
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id LAA26774 for ipsec-outgoing; Wed, 4 Dec 1996 11:48:08 -0500 (EST)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007801aecb5b44e8f7@[128.89.0.110]>
In-Reply-To: <9611048497.AA849717071@netx.nei.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 04 Dec 1996 11:51:43 -0500
To: "Whelan, Bill" <bwhelan@nei.com>
From: Stephen Kent <kent@bbn.com>
Subject: Re[2]: AH (without ESP) on a secure gateway
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk
Bill, You were absoluitely right to raise this issue; the debate that ensued, on both sides, clearly showed the need for the discussion. I think the architecture and AH specs have not been clear about this. In fact, I am willing to bet that my re-write didn't get this right either! Contrary to the suggestion made by Brian McKenney, I do think this is a standards issue. If two security gateways (to use the terminology in the IPSEC documents) choose to use AH in transport mode between themselves, to create an authentticated and integrity protected securiry association for all traffic between the sites, this will impinge on the ability of subscriber hosts served by these gatewatys to make use of AH in transport mode. Thus, to avoid deployment of security gateways that can be configured in a fashion that would cause such problems, and because there are alternative IPSEC configurations that will achieve the desired security goals, I think it imperative that the standards prohibit this use of AH. Steve
- AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway pau
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway William Allen Simpson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway David P. Kemp
- Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: AH (without ESP) on a secure gateway Hilarie Orman
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re[4]: AH (without ESP) on a secure gateway Karl Fox
- Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Michael Richardson
- Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
- Re: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
- Re: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Perry E. Metzger
- Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re[2]: AH (without ESP) on a secure gateway Brian McKenney
- Re: AH (without ESP) on a secure gateway Ran Atkinson
- Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
- Re: AH (without ESP) on a secure gateway Bill Sommerfeld
- Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
- Re: AH (without ESP) on a secure gateway Daniel Harkins
- Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: AH (without ESP) on a secure gateway Steven Bellovin
- Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
- Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer