On 06/19/2003 01:49 PM, martin f krafft wrote:
> As far as I can tell, IPsec's ESP has the functionality of
> authentication and integrity built in:

It depends on what you mean by "built in".
 1) The RFC provides for ESP+authentication but
does not require ESP to use authentication.
 2) Although the RFC allows ESP without
authentication, typical implementations are
less flexible.  In FreeS/WAN for instance, if
you ask for ESP will get ESP+AH.

ESP without authentication may be vulnerable to
replay attacks and/or active attacks that tamper
with the bits in transit.  The degree of vulnerability
depends on details (type of chaining, higher-level
properties of payload, ...).

Remember that encryption and authentication perform
complimentary roles:  Suppose Alice is sending to
Bob.  They are being attacked by Eve.  Encryption
limits the amount of information _Eve_ receives.
Authentication prevents tampering, so _Bob_ can
trust what he receives.

It is possible to construct situations where you
could omit the AH from ESP+AH without losing
anything, but you would need to analyze the
situation pretty carefully.  If you have a good
reason for using something other than ESP+AH,
please clarify what you want to do and why.
Otherwise just go with the normal ESP+AH.

--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to