Daniel,
> AH is a security feature we need to keep for header authentication
I am really not sure about the value that AH adds, even in the case of header
authentication.
So what fields does AH protect:
Version, Payload length, Next Header, Source IP and dest IP
The only field worth modifying is the source and the dest IP. Now note that an
IPSec SA is established between a pair of source IP and dest IP. Upon receipt
of a packet containing an AH header, the receiver determines the appropriate
(unidirectional) SA, based on the dest IP, security protocol (AH), and the SPI
(it could also include the source IP). If the attacker modifies (or spoofs)
either of the source or the dest IP, the SA lookup will fail and the receiver
will regardless discard the packet. So what are we gaining by AH "header
authentication"?
AH can only add value over ESP-NULL if there are instances where despite
address spoofing we erroneously process the IPSec packet. I don't see that
happening, so is this really an issue?
Cheers, Manav
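
The receive path discussed in this message, as a simplified Python model added here (not code from the thread or from any IPsec implementation): SA lookup on destination IP, protocol and SPI, optionally source IP, followed by ICV verification. The addresses, key, truncated HMAC-SHA-256 and the `run_case` helper are constructed assumptions, and real AH covers more header fields than the two addresses modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass

AH, ESP = 51, 50  # IP protocol numbers for AH and ESP

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    spi: int
    payload: bytes
    icv: bytes = b""

def icv_input(p):
    """Bytes covered by the ICV: AH includes the IP addresses, ESP-NULL does not."""
    body = p.spi.to_bytes(4, "big") + p.payload
    if p.proto == AH:
        return f"{p.src}|{p.dst}|".encode() + body
    return body

def seal(p, key):
    tag = hmac.new(key, icv_input(p), hashlib.sha256).digest()[:16]
    return Packet(p.src, p.dst, p.proto, p.spi, p.payload, tag)

def receive(p, sad, bind_source):
    """SA lookup as described in the message, then ICV verification."""
    selector = (p.dst, p.proto, p.spi) + ((p.src,) if bind_source else ())
    key = sad.get(selector)
    if key is None:
        return "discard: no SA"
    expected = hmac.new(key, icv_input(p), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, p.icv):
        return "discard: ICV mismatch"
    return "accept"

def run_case(proto, bind_source, field):
    key = b"constructed-sample-key"  # all values here are constructed samples
    good = seal(Packet("2001:db8::1", "2001:db8::2", proto, 0x1000, b"hello"), key)
    sad = {(good.dst, proto, good.spi) + ((good.src,) if bind_source else ()): key}
    addrs = {"src": good.src, "dst": good.dst}
    addrs[field] = "2001:db8::bad"  # address changed in transit
    tampered = Packet(addrs["src"], addrs["dst"], proto, good.spi, good.payload, good.icv)
    return receive(tampered, sad, bind_source)

if __name__ == "__main__":
    for proto in (AH, ESP):
        for bind in (False, True):
            print(proto, bind, run_case(proto, bind, "src"), run_case(proto, bind, "dst"))
```

In this model the outcome for a changed source address depends on whether the receiver's SA lookup includes the source IP, which is the optional part of the lookup the message mentions.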
________________________________
From: Daniel Migault [mailto:[email protected]]
Sent: Thursday, November 12, 2009 11.14 AM
To: Jack Kohn
Cc: Stephen Kent; [email protected]; Bhatia, Manav (Manav); Merike Kaeo
Subject: Re: [IPsec] WESP - Roadmap Ahead
On Thu, Nov 12, 2009 at 5:30 AM, Jack Kohn <[email protected]> wrote:
>
> Whoops, I was wrong. I looked at 4552 and they do cite ESP-NULL (although
> they never refer to it that way) as a MUST, and AH as a MAY.
Ok, so can we work on deprecating AH? This way new standards defined
in other WGs don't have to provide support for AH.
AH is a security feature we need to keep for header authentication.
Other WGs may choose not to deal with AH and only consider ESP. I don't see
what's wrong with that?
Regards
Daniel
--
Daniel Migault
Orange Labs -- Security
+33 6 70 72 69 58
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec