
Re: notes from developer's portion of IETF meeting



On the issue of ESP with optional AH I wrote a few days ago:
 
> If there are applications that consciously decide to take all these risks
> I suggest they negotiate the EMPTY-MAC as their authentication 
> algorithm (no processing penalty) rather than having ipsec explicitly
> allowing integrity-less IP security.

Hilarie recently wrote:

>From ho@earth.hpc.org  Tue Apr 29 17:01:47 1997
>
> ...
> I expressed doubt as to the wisdom of leaving this judgment up to the
>individual user or system administrator, given that it is less than
>straightforward to analyze the safety of such a decision and that,
>with the exception of very low speed lines, the performance is not
>greatly impacted by requiring integrity.  I could see having it be a
>property of the transform --- a transform designer can specify the
>null integrity algorithm if he knows that the encryption algorithm has
>built-in integrity --- but I don't find the DAP example compelling.
>

Following these suggestions and Steve's recent comments
I propose to mandate integrity with ESP and to have editorial notes 
that

1) emphasize the importance of integrity in ESP 
and
2) suggest that in the particular cases where an application decides that
the cost of authentication together with ESP is not worthwhile (e.g., since
integrity is provided by a different mechanism in that application) then the
communicating parties can negotiate a "null integrity algorithm".

Hugo

