idnits 2.17.1 

draft-bhatia-moving-ah-to-historic-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (December 30, 2011) is 4501 days in the past.  Is this
     intentional?


  Checking references for intended status: Informational
  ----------------------------------------------------------------------------

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	Network Working Group                                          M. Bhatia
3	Internet-Draft                                            Alcatel-Lucent
4	Intended status: Informational                         December 30, 2011
5	Expires: July 2, 2012

7	             Moving Authentication Header (AH) to Historic
8	                 draft-bhatia-moving-ah-to-historic-00

10	Abstract

12	   This document recommends retiring Authentication Header (AH) and
13	   discusses the reasons for doing so.  It recommends moving RFC 4302 to
14	   Historic status.

16	Requirements Language

18	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
19	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
20	   document are to be interpreted as described in RFC 2119 [RFC2119].

22	Status of this Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at http://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on July 2, 2012.

39	Copyright Notice

41	   Copyright (c) 2011 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (http://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	1.  Introduction

56	   IPsec uses two protocols to provide traffic security services --
57	   Authentication Header (AH) and Encapsulating Security Payload (ESP).
58	   Both protocols are described in detail in their respective RFCs
59	   [RFC4302] [RFC4303]

61	   [RFC4301] recommends IPsec implementations to MUST support ESP and
62	   MAY support AH.  Support for AH was downgraded to MAY because
63	   experience has shown that there are very few contexts in which ESP
64	   cannot provide the requisite security services.  Note that ESP can be
65	   used to provide only integrity, without confidentiality, making it
66	   comparable to AH in most contexts.

68	   AH offers integrity and data origin authentication, with optional (at
69	   the discretion of the receiver) anti-replay features.  ESP, on the
70	   other hand, offers the same set of services, and also additionally
71	   offers confidentiality.

73	   These protocols may be applied individually or in combination with
74	   each other to provide IPv4 and IPv6 security services.  However, most
75	   security requirements can be met through the use of ESP by itself.
76	   Each protocol supports two modes of use: transport mode and tunnel
77	   mode.  In transport mode, AH and ESP provide protection primarily for
78	   next layer protocols; in tunnel mode, AH and ESP are applied to
79	   tunneled IP packets.  [RFC4301] describes detailed differences
80	   between these two modes.

82	   There is no particular security problem with using AH.  It lives up
83	   to its security claims.  Its just that its completely redundant with
84	   ESP, since ESP will NULL encryption (ESP-NULL) [RFC2410] can provide
85	   the same functionality and the world can do with one less protocol.

87	   Moving AH to historic doesn't mean that people have to stop using AH
88	   right now.  It only means that in the opinion of the community there
89	   are now better alternatives.  Moving AH to historic will discourage
90	   new protocols to mandate the use of AH.  It however, does not
91	   preclude the possibility of new work to IETF that will require or
92	   enhance AH.  It just means that the authors will have to explain why
93	   that solution is really needed and why ESP-NULL cant be used instead.

95	2.  AH and ESP

97	   It is alleged that AH provides more security than ESP in the
98	   transport mode as AH also authenticates the IP header fields.  This
99	   argument is however moot as ESP in the tunnel mode can provide the
100	   same level of security since the payload now includes the original IP
101	   header.  It is also believed by many that securing the IP header isnt
102	   really very important [Schneier].

104	   It is commonly believed that AH is quite useful in securing the IPv6
105	   extension headers.  AH protects most of the basic IPv6 header, the
106	   non-mutable extension headers after the AH, and the IP payload.
107	   Protection for the IPv6 header excludes the mutable fields: DSCP,
108	   ECN, Flow Label, and Hop Limit.  ESP, on the other hand, doesn't
109	   protect the immutable parts of the IPv6 header nor those of any
110	   extension header.  This can however be fixed by putting the IPv6
111	   extension headers that are required to be protected after the ESP
112	   header.  Hop-by-Hop options are not an issue, as the intermediate
113	   hops do not have keys to verify the message authentication code so
114	   they cannot really be protected anyways.

116	   AH breaks Network Address Translators (NATs).  This is because AH
117	   relies on the sanctity of the IP header so that any tamperings, even
118	   by a NAT, get detected and packets get discarded.  Solving this issue
119	   requires another device that fixes the NAT translation back to the
120	   original one (a specific case of Double NAT).  ESP, on the other
121	   hand, fixes this problem by encapsulating ESP packets inside UDP
122	   packets for traversing NATs [RFC3948].

124	   Firewalls in the enterprise environments often require visibility
125	   into packets, ranging from simple packet header inspection to deeper
126	   payload examination.  Routers also often need to deep inspect control
127	   traffic to prioritize certain protocol packets over the others.  This
128	   was initially difficult with ESP since was impossible to know whether
129	   an ESP packet was integrity protected or encrypted by merely
130	   inspecting the packet.  This was easy with AH since the payload was
131	   transmitted in clear.  This problem however has been solved by
132	   introducing WESP [RFC5840] which defines a mechanism to provide
133	   additional information in relevant IPsec packets so intermediate
134	   devices can efficiently differentiate between encrypted and
135	   integrity-only ESP packets.

137	   ESP-NULL seems to do everything useful that can be done with AH.
138	   Given this, it makes sense to move AH to Historic status so that
139	   newer protocols dont mandate or propose extensions that rely on AH to
140	   be supported.

142	3.  Security Considerations

144	   Its argued that ESP in the tunnel mode is equivalent to the AH in the
145	   transport mode.  It should however be noted that ESP tunnel mode SA
146	   applied to an IPv6 flow results in at least 50 bytes of additional
147	   overhead per packet.  This additional overhead may be undesirable for
148	   many bandwidth-constrained wireless and/or satellite communications
149	   networks, as these types of infrastructure are not overprovisioned.

151	   Packet overhead is particularly significant for traffic profiles
152	   characterized by small packet payloads (e.g., various voice codecs).
153	   If these small packets are afforded the security services of an IPsec
154	   tunnel mode SA, the amount of per-packet overhead is increased.

156	   This issue will perhaps be alleviated by header compression schemes
157	   defined in [RFC5856] [RFC5857] and [RFC5858].

159	4.  IANA Considerations

161	   None

163	5.  References

165	5.1.  Normative References

167	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
168	              Requirement Levels", BCP 14, RFC 2119, March 1997.

170	   [RFC2410]  Glenn, R. and S. Kent, "The NULL Encryption Algorithm and
171	              Its Use With IPsec", RFC 2410, November 1998.

173	   [RFC4301]  Kent, S. and K. Seo, "Security Architecture for the
174	              Internet Protocol", RFC 4301, December 2005.

176	   [RFC4302]  Kent, S., "IP Authentication Header", RFC 4302,
177	              December 2005.

179	   [RFC4303]  Kent, S., "IP Encapsulating Security Payload (ESP)",
180	              RFC 4303, December 2005.

182	5.2.  Informative References

184	   [RFC3948]  Huttunen, A., Swander, B., Volpe, V., DiBurro, L., and M.
185	              Stenberg, "UDP Encapsulation of IPsec ESP Packets",
186	              RFC 3948, January 2005.

188	   [RFC5840]  Grewal, K., Montenegro, G., and M. Bhatia, "Wrapped
189	              Encapsulating Security Payload (ESP) for Traffic
190	              Visibility", RFC 5840, April 2010.

192	   [RFC5856]  Ertekin, E., Jasani, R., Christou, C., and C. Bormann,
193	              "Integration of Robust Header Compression over IPsec
194	              Security Associations", RFC 5856, May 2010.

196	   [RFC5857]  Ertekin, E., Christou, C., Jasani, R., Kivinen, T., and C.
197	              Bormann, "IKEv2 Extensions to Support Robust Header
198	              Compression over IPsec", RFC 5857, May 2010.

200	   [RFC5858]  Ertekin, E., Christou, C., and C. Bormann, "IPsec
201	              Extensions to Support Robust Header Compression over
202	              IPsec", RFC 5858, May 2010.

204	   [Schneier]
205	              Ferguson, N. and B. Schneier, "A Cryptographic Evaluation
206	              of IPsec", December  2003,
207	              <http://www.schneier.com/paper-ipsec.pdf>.

209	Author's Address

211	   Manav Bhatia
212	   Alcatel-Lucent

214	   Email: manav.bhatia@alcatel-lucent.com