
Re: ESP revisions straw poll



Encryptionless ESP may cause more harm than good.

By its nature, ESP is "encryption enabling technology" and is therefore not
exportable w/o jumping through various hoops.  Even if your product is only
using encryptionless ESP, it may still have to jump through hoops.

AH is not encryption enabling technology, and an AH that has IP or IPv6 as
its next header (commonly called, "tunnel-mode AH") solves the problems an
encryptionless ESP solves.  Its only disadvantage is including some of the IP
header fields in the AH computation.

Given a (possibly slight) performance loss vs. legal headaches and hassles,
I'll swallow the loss.

Bottom line: I do not like encryptionless ESP.

Dan

