Re[2]: AH (without ESP) on a secure gateway

"Whelan, Bill" <bwhelan@nei.com> Mon, 02 December 1996 16:30 UTC

Date: Mon, 02 Dec 1996 09:55:58 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9611028495.AA849549400@netx.nei.com>
To: ipsec@tis.com, Stephen Kent <kent@bbn.com>
Subject: Re[2]: AH (without ESP) on a secure gateway
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

 Steve,
     
     

 >AH is
 >nominally a "transport" mode security protocol, using the terminlogy 
 >adopted for ESP in the IPSEC context.  In this mode, AH cannot be
 >used unambiguously by a pair of firewalls, because it conflicts with 
 >possible use of AH by subscriber hosts served by these firewalls.
 
 Thanks, this ambiguity is the heart of my original question.
 
 >One can address this problem by tunneling between the firewalls,
 >and using AH in the exterior IP header.
 
 I agree - AH with ESP on a secure gateway seems pretty unambiguous.
 
 >One also can achieve a similar (though not identical)  capability by 
 >using ESP in tunnel mode, but NOT electing to perform encryption.  Since 
 >ESP is being revised to be general enough to NOT requre encryption, this 
 >would address the export or import concerns cited earlier.
 
 Hmm, this might be a solution, but it seems somewhat expensive.  Would all 
 host systems providing AH need to provide ESP to handle the possibility 
 they are communicating through a gateway?
     
     
 >Steve
 
 Bill

AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway pau
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway William Allen Simpson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway David P. Kemp
Re: Re[2]: AH (without ESP) on a secure gateway Ran Atkinson
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: AH (without ESP) on a secure gateway Daniel Harkins
Re: AH (without ESP) on a secure gateway Hilarie Orman
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: Re[2]: AH (without ESP) on a secure gateway Bill Sommerfeld
Re[4]: AH (without ESP) on a secure gateway Whelan, Bill
Re: Re[4]: AH (without ESP) on a secure gateway Bill Sommerfeld
Re[4]: AH (without ESP) on a secure gateway Karl Fox
Re[5]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Stephen Kent
Re[5]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Michael Richardson
Re: Re[5]: AH (without ESP) on a secure gateway Bob Monsour
Re: AH (without ESP) on a secure gateway Stephen Kent
Re: Re[5]: AH (without ESP) on a secure gateway Stephen Kent
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re[2]: AH (without ESP) on a secure gateway Whelan, Bill
Re: AH (without ESP) on a secure gateway Brian McKenney
Re: AH (without ESP) on a secure gateway Perry E. Metzger
Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re[2]: AH (without ESP) on a secure gateway Brian McKenney
Re: AH (without ESP) on a secure gateway Ran Atkinson
Re: Re[5]: AH (without ESP) on a secure gateway Ran Atkinson
Re: AH (without ESP) on a secure gateway Bill Sommerfeld
Re: Re[2]: AH (without ESP) on a secure gateway Uri Blumenthal
Re: AH (without ESP) on a secure gateway Daniel Harkins
Re: Re[2]: AH (without ESP) on a secure gateway Naganand Doraswamy
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re: AH (without ESP) on a secure gateway Steven Bellovin
Re: Re[2]: AH (without ESP) on a secure gateway Stephen Kent
Re: Re[2]: AH (without ESP) on a secure gateway Dan Frommer