
policy versus protocol



> Date: Wed, 23 Apr 1997 19:01:22 +0300 (IDT)
> From: Hugo Krawczyk <hugo@ee.technion.ac.il>
> If there are applications that consciously decide to take all these risks
> I suggest they negotiate the EMPTY-MAC as their authentication
> algorithm (no processing penalty) rather than having ipsec explicitly allowing
> integrity-less IP security.
>
I think that Hugo has hit the nail on the head here.

Instead of arguing about whether _WE_ should or should not allow this or
that combination, let's stick to documenting the protocol, and leave the
policy up to the application.

If NO_INTEGRITY is negotiated, we need to know what the ESP packet looks
like.  (I'd say, elide the trailing field.)

If NO_ENCRYPTION is negotiated, we need to know what the ESP packet
looks like.  (I'd say, no fields would change.)

Let's stick to our mission, and not be sidetracked by policy.  If we had
followed the lead of the I_R_TF security WG, we'd never have had any
progress....  Leave the research to the researchers, and let's keep our
nose to the engineering grindstone.

WSimpson@UMich.edu
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
BSimpson@MorningStar.com
    Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2