authentication and ESP
John S. Denker
jsd at monmouth.com
Sun Jun 22 17:15:47 EDT 2003
On 06/19/2003 01:49 PM, martin f krafft wrote:
> As far as I can tell, IPsec's ESP has the functionality of
> authentication and integrity built in:
It depends on what you mean by "built in".
1) The RFC provides for ESP+authentication but
does not require ESP to use authentication.
2) Although the RFC allows ESP without
authentication, typical implementations are
less flexible. In FreeS/WAN for instance, if
you ask for ESP will get ESP+AH.
ESP without authentication may be vulnerable to
replay attacks and/or active attacks that tamper
with the bits in transit. The degree of vulnerability
depends on details (type of chaining, higher-level
properties of payload, ...).
Remember that encryption and authentication perform
complimentary roles: Suppose Alice is sending to
Bob. They are being attacked by Eve. Encryption
limits the amount of information _Eve_ receives.
Authentication prevents tampering, so _Bob_ can
trust what he receives.
It is possible to construct situations where you
could omit the AH from ESP+AH without losing
anything, but you would need to analyze the
situation pretty carefully. If you have a good
reason for using something other than ESP+AH,
please clarify what you want to do and why.
Otherwise just go with the normal ESP+AH.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list