+1. I know of a network whose owners are far more worried about a replay attack than about data being revealed to the outside world. They need to verify the provenance of data (i.e., make sure that it hasn't been NATted), and AH is a simple way to do these precise things.

-David Barak

James Hess wrote:
> On Mon, Nov 16, 2009 at 6:23 PM, Jack Kohn <kohn.j...@gmail.com> wrote:
>> However, I still don't understand why AH would be preferred over
>> ESP-NULL in case of OSPFv3. The draft speaks of issues with replaying
>> the OSPF packets. One could also do these things with AH.
>> Am I missing something?
>
> Neither protects against replay without additional measures.
> However, AH is very close... consider using AH-authenticated
> packets with the timestamp option and clock synchronization between
> peers. Discard packets arriving that are more than 5 minutes old.
>
> In transport mode for security between LAN peers, ESP NULL verifies
> the integrity of only the data payload in the packet. AH secures
> the header, the IP header fields and options.
> Therefore changing the timestamp to replay would be detected.
>
> This evil act would not be detected if you are using ESP NULL; the
> attacker can potentially replay this packet, while the SPI is still
> good, and you'll never know.
>
> One of AH's most visible disadvantages (cannot be used with NAT) is a
> side-effect of the increased security coverage it provides. Many IPv4
> networks require NAT, making AH impractical.
>
> However, matters could change for IPv6 networks with high
> security requirements, that need to validate authenticity of more
> than just packet contents...
>
> --
> -J
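Added example, not code from the thread: a simplified Python model of the coverage difference discussed above, an ICV computed over the immutable IP header fields plus the payload (AH-like) versus over the encapsulated data only (ESP-NULL-like), with the 5-minute freshness window the reply suggests applied to a timestamp carried inside the authenticated region. The packet layout, field names, key and addresses are constructed for illustration; note that RFC 4302 classifies the IPv4 Timestamp option as mutable and zeroes it when computing the AH ICV, so a timestamp must sit in covered data for a freshness check to be integrity-protected.

```python
import hmac
import hashlib
import time

KEY = b"constructed-demo-key"   # shared SA key (constructed for the demo)
MAX_AGE = 5 * 60                # freshness window from the reply: 5 minutes

def make_packet(src, dst, ttl, payload, ts):
    # Toy packet: immutable header fields (src, dst), a mutable one (ttl),
    # a timestamp inside the protected data, and the payload.
    return {"src": src, "dst": dst, "ttl": ttl, "ts": ts, "payload": payload}

def _ah_cover(pkt):
    # AH-like coverage: immutable header fields + protected data; the mutable
    # ttl is zeroed so in-path changes do not break the ICV.
    return b"|".join([pkt["src"].encode(), pkt["dst"].encode(), b"0",
                      str(pkt["ts"]).encode(), pkt["payload"]])

def _esp_null_cover(pkt):
    # ESP-NULL-like coverage: only what ESP encapsulates; the IP header is not covered.
    return b"|".join([str(pkt["ts"]).encode(), pkt["payload"]])

def icv(data):
    # Truncated HMAC-SHA256 as a stand-in integrity check value.
    return hmac.new(KEY, data, hashlib.sha256).digest()[:12]

def sign(pkt, mode):
    cover = _ah_cover if mode == "ah" else _esp_null_cover
    return {**pkt, "icv": icv(cover(pkt))}

def verify(pkt, mode, now=None):
    """Return 'ok', 'bad-icv' (integrity failure) or 'stale' (outside MAX_AGE)."""
    now = time.time() if now is None else now
    cover = _ah_cover if mode == "ah" else _esp_null_cover
    if not hmac.compare_digest(icv(cover(pkt)), pkt["icv"]):
        return "bad-icv"
    if now - pkt["ts"] > MAX_AGE:
        return "stale"
    return "ok"

def demo(mode):
    """Sign a packet, then check a genuine copy, a header-altered copy and a late replay."""
    t0 = 1_700_000_000
    pkt = sign(make_packet("2001:db8::1", "2001:db8::2", 64, b"OSPFv3 hello", t0), mode)
    spoofed = {**pkt, "src": "2001:db8::bad"}   # IP header changed, ICV left as-is
    return {
        "genuine": verify(pkt, mode, now=t0 + 10),
        "header_tampered": verify(spoofed, mode, now=t0 + 10),
        "replayed_late": verify(pkt, mode, now=t0 + MAX_AGE + 1),
    }

if __name__ == "__main__":
    for mode in ("ah", "esp-null"):
        print(mode, demo(mode))
```

Under the AH-like coverage the altered source address fails the ICV, while the ESP-NULL-like coverage accepts it because the header is outside the authenticated region; both reject the late replay only because the timestamp is inside covered data.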