[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: notes from developer's portion of IETF meeting

To: ho@earth.hpc.org (Hilarie Orman)
Subject: Re: notes from developer's portion of IETF meeting
From: Stephen Kent <kent@bbn.com>
Date: Tue, 13 May 1997 21:05:48 -0400 (EDT)
Cc: hugo@ee.technion.ac.il, ipsec@tis.com
In-Reply-To: <199704291302.JAA28064@earth.hpc.org>
References: Yourmessage <v03007820af8a864be5cf@[128.89.0.110]>
Sender: owner-ipsec@ex.tis.com

Hilarie + Hugo,

	As in my immediately preceeding message, I apologize for being
tardy in my response.  I've thought about the idea of including a null
integrity transform in ESP, as you have both suggested, and I don't think
it's a good idea.  Note that there seems to be general agreement that using
ESP w/o authentication is OK if one also applies AH to packets, so there is
already a precendent for situations where no authentication algorithm would
be selected.  Thus, adding a null authentication algorithm would, I fear,
create the potential for confusion, since it already would be appropriate
thing to negotiate in some circumstances.  Also, negotiation of a null
authentication algorithm seems equivalent to negotiation of NO
authentication algorithm, so I don't see the benefit from that perspective
either.  Instead, I suggest that we leave this section of ESP as it is, and
note in the architecture document the security implications of not
including authentication in ESP when Ah also is not applied to packets.
That discussion will observe that some uses of AH with ESP avoid the need
for autentication in ESP but that use of ESP without AH is dangerous in
most other ciscumstances and thus such use should be negotiated only under
very carefully controlled circumstances.

Steve

Prev by Date: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
Next by Date: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
Prev by thread: Re: ESP revisions straw poll
Next by thread: isakmp-07.txt
Index(es):
- Main
- Thread