On Mon, Dec 9, 2013 at 2:23 AM, Yoav Nir <[email protected]> wrote:
> Phil, > > The issue is not that ESP needs a NULL cipher. It's that AH wouldn't > traverse NAT, and so they needed ESP to do the work that AH was designed to > do. > I understand that, though the fact that ESP with authentication would work through NAT but not AH seems remarkably odd to me. It suggests that the design is wrong. That flags a design error in the protocol AFIAK. As a remote access protocol, IPSEC has fallen far short of satisfactory. It has been necessary to install a plug in to use every corporate VPN I have used to date. > But beyond that little technicality, it stands out that they standardized > AH at all. So they felt that there was a need for integrity-only IPsec. I > guess part of this is that the perceived threats were different - there was > less personal information on the Internet, and IPsec (unlike TLS) is much > concerned with protecting non-confidential stuff like DNS, routing > protocols. Today, about the only good use case I can think of that doesn't > ever need confidentiality is NTP, and I don't know why we would want to > design a protocol specifically for securing NTP. > And to do authentication only twice seems even stranger. > Another part is that this was 1996 and in 1996 you had the "Pentium Pro" > with a 150 MHz clock and a 60 MHz bus, which could probably do a few Mbps > of 3DES+HMAC-MD5, or four times that with HMAC-MD5 alone. These are not > today's processors that do 4 Gbps per core with AES-GCM. > That is not the motivation that the RFC suggests. > BTW: this is not unique to IPsec. TLS also defines some NULL encryption > ciphersuites. > I know, but the problem is that people are now pointing to the NULL ciphers as precedent. -- Website: http://hallambaker.com/
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
