AH (without ESP) on a secure gateway

"Whelan, Bill" <bwhelan@nei.com> Tue, 26 November 1996 12:32 UTC

Received: from cnri by ietf.org id aa15826; 26 Nov 96 7:32 EST
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa08036; 26 Nov 96 7:32 EST
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id HAA12729 for ipsec-outgoing; Tue, 26 Nov 1996 07:18:40 -0500 (EST)
Date: Mon, 25 Nov 1996 18:59:16 -0500
From: "Whelan, Bill" <bwhelan@nei.com>
Message-Id: <9610258489.AA848977264@netx.nei.com>
To: ipsec@tis.com
Subject: AH (without ESP) on a secure gateway
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

     Last month there was a question regarding ESP and AH on a secure 
     gateway as in the following model.

     
       secure                 (untrusted)         secure
       hostA  gatewayA---------------------------gatewayB  hostB
        |      |                                     |      |
       ----------                                   -----------
      (trusted subnet)                             (trusted subnet)
     
     
     My question is whether AH on a secure gateway even makes sense at all 
     if ESP is not being performed.
     
     Consider hostA sending a packet to hostB.  If gatewayA places an AH on 
     the packet, it would appear as if it was authenticated by hostA, not a 
     good idea in my mind.
     
     How do other secure gateway implementations handle this situation?
     
     Bill Whelan