Re: draft-ietf-ipsec-esp-des-md5-01.txt

[Bill Sommerfeld <sommerfeld@apollo.hp.com>]

-----BEGIN PGP SIGNED MESSAGE-----

content-type: text/plain; charset=us-ascii

quoting from the draft:

      This draft describes a combination of privacy and optionally,
      authentication, integrity and replay prevention into a single packet
      format.
   
and later:

      The combinations of transformations are negotiated at key
      establishment time such as described in ISA/KMP [Maughan96] and
      Oakley [Orman96]. To conform with this RFC, of the 3 transforms
      documented in this RFC, only esp-DES-HMAC-RP shall be
      implemented.

Ok, is integrity protection mandatory or not?

My impression (and please correct me if I'm wrong) was that the
consensus of the WG at the LA IETF was that privacy without integrity
was too dangerous to implement; however, this draft is internally
inconsistant about whether integrity is mandatory, and specifies
transforms which it says should not be implemented.

What's changed?

					- Bill




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMYZLtFpj/0M1dMJ/AQFV2QP9FTCQ0W9OmUjcr9ZUsDtliflNMca4SEeg
7r+Gdd0D24KPaJji24FHZdf/JpM45mrlGYf4AzsQ9gBbLN2+uyinqVH4K9F1QQ5X
5sgUVrCC+ylq4uVMTak55f48Pq3pBmOKv+8jaeoULOgGD3WPi1YVHyG8IOZkSyB/
zMlgCYfKAho=
=YX9J
-----END PGP SIGNATURE-----

---

References:

• draft-ietf-ipsec-esp-des-md5-01.txt
• From: "James P. Hughes" <hughes@hughes.network.com>

---

• Prev by Date: draft-ietf-ipsec-esp-des-md5-01.txt
• Next by Date: Re: draft-ietf-ipsec-esp-des-md5-01.txt
• Prev by thread: draft-ietf-ipsec-esp-des-md5-01.txt
• Next by thread: Re: draft-ietf-ipsec-esp-des-md5-01.txt
• Index(es):
  • Main
  • Thread