On Nov 14, 2009, at 9:58 PM, Steven Bellovin wrote:
On Nov 14, 2009, at 8:28 PM, David Barak wrote:
I've seen AH used as a "prove that this hasn't been through a NAT"
mechanism. In this context, it's pretty much perfect.
However, what I don't understand is where the dislike for it
originates: if you don't like it, don't run it. It is useful in
certain cases, and it's already in all of the production IPSec
implementations. Why the hate?
There are two reasons. First, it's difficult to implement cleanly,
since it violates layering: you have to know the contents of the
surrounding IP header to calculate the AH field. Back when I was
security AD, I had implementors, especially implementors of on-NIC
IPsec, beg me to get rid of it. Second, it's redundant; if (as I
believe), ESP with NULL encryption does everything useful that AH
does, why have two mechanisms?
Maybe someone should push through an "IPSEC-lite" in the same way we
are pushing through IGMPv3-lite.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Regards
Marshall
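An added illustration of the two points made in the thread above (Barak's use of AH as a "prove this hasn't been through a NAT" mechanism, and Bellovin's complaint that computing the AH field requires knowing the surrounding IP header). This is example code written for this page, not from the thread or from any IPsec implementation. It models AH and ESP-with-NULL-encryption integrity checks in simplified form: HMAC-SHA-256-128 as the integrity algorithm, a constructed key, constructed addresses and payload, transport mode only, no IKE and no replay window. The AH ICV covers the IPv4 header with its mutable fields zeroed, so a source NAT invalidates it while a routine TTL decrement does not; the ESP ICV never touches the IP header, so it survives the same rewrite.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real SA would derive this from an IKE exchange.
KEY = b"constructed-demo-key-not-for-real-use"
ICV_LEN = 16          # HMAC-SHA-256-128 (RFC 4868): 128-bit truncated tag
IPPROTO_ESP, IPPROTO_AH, IPPROTO_UDP = 50, 51, 17


def ip_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum((hdr[i] << 8) | hdr[i + 1] for i in range(0, len(hdr), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_header(src: bytes, dst: bytes, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal IPv4 header (no options, DF set) with a correct header checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234,
                                0x4000, ttl, proto, 0, src, dst))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr)


def zero_mutable_fields(hdr: bytes) -> bytes:
    """RFC 4302 3.3.3.1.1: TOS, flags/fragment offset, TTL and header checksum
    change in transit and are zeroed before the AH ICV is computed. Source and
    destination addresses are immutable, so the ICV covers them as sent."""
    h = bytearray(hdr)
    h[1] = 0                     # TOS / DSCP+ECN
    h[6:8] = b"\x00\x00"         # flags + fragment offset
    h[8] = 0                     # TTL
    h[10:12] = b"\x00\x00"       # header checksum
    return bytes(h)


def icv(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_packet(src, dst, spi, seq, payload, next_hdr=IPPROTO_UDP):
    """IP | AH | payload. The ICV covers the mutable-zeroed IP header, the AH
    header with its ICV field zeroed, and the payload: AH must read the
    surrounding IP header to compute its own field."""
    ah_fixed = struct.pack("!BBHII", next_hdr, 5, 0, spi, seq)  # len = (12+16)/4 - 2 = 5
    hdr = ip_header(src, dst, IPPROTO_AH, 20 + len(ah_fixed) + ICV_LEN + len(payload))
    covered = zero_mutable_fields(hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hdr + ah_fixed + icv(covered) + payload


def ah_verify(pkt: bytes) -> bool:
    hdr, ah_fixed = pkt[:20], pkt[20:32]
    tag, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    covered = zero_mutable_fields(hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.compare_digest(tag, icv(covered))


def esp_null_packet(src, dst, spi, seq, payload, next_hdr=IPPROTO_UDP):
    """IP | ESP hdr | payload | trailer | ICV with the NULL cipher (RFC 2410).
    The ICV covers only the ESP header, payload and trailer, never the IP header."""
    pad_len = (-(len(payload) + 2)) % 4          # trailer must end on a 4-byte boundary
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    body = struct.pack("!II", spi, seq) + payload + trailer
    hdr = ip_header(src, dst, IPPROTO_ESP, 20 + len(body) + ICV_LEN)
    return hdr + body + icv(body)


def esp_verify(pkt: bytes) -> bool:
    body, tag = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(tag, icv(body))


def _refresh_checksum(h: bytearray) -> bytes:
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ip_checksum(bytes(h)))
    return bytes(h)


def router_hop(pkt: bytes) -> bytes:
    """A plain router: decrement TTL and fix the header checksum."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    return _refresh_checksum(h) + pkt[20:]


def nat_rewrite_source(pkt: bytes, new_src: bytes) -> bytes:
    """A source NAT: rewrite the source address and fix the header checksum."""
    h = bytearray(pkt[:20])
    h[12:16] = new_src
    return _refresh_checksum(h) + pkt[20:]


def demo() -> dict:
    # Constructed addresses and payload for the walk-through.
    src, dst, nat = bytes([10, 0, 0, 1]), bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
    payload = b"constructed UDP payload"
    ah = ah_packet(src, dst, spi=0x100, seq=1, payload=payload)
    esp = esp_null_packet(src, dst, spi=0x200, seq=1, payload=payload)
    return {
        "ah_direct": ah_verify(ah),
        "ah_after_router": ah_verify(router_hop(ah)),             # TTL is mutable: still valid
        "ah_after_nat": ah_verify(nat_rewrite_source(ah, nat)),   # source address is covered: fails
        "esp_direct": esp_verify(esp),
        "esp_after_nat": esp_verify(nat_rewrite_source(esp, nat)),  # IP header not covered: valid
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ICV ok' if ok else 'ICV FAILED'}")
```

Running the script prints one line per case; the AH packet survives the TTL decrement but fails after the NAT rewrite, while the ESP-NULL packet verifies in both positions. That covers only the integrity check itself: a port-translating NAT still has no port numbers to work with in ESP, which is why UDP encapsulation (RFC 3948) exists, but that is a traversal problem rather than an ICV problem.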