
Re: ESP revisions straw poll



  Steve,

> Finally, in talking with a couple of active contributors, I've gotten the
> impression that there is support for encryptionless ESP, as defined in the
> current I-D.  The arguments are that this should be easy to implement
> (since it is just ESP without encryption turned on), it is more efficient
> than AH, and it is both appropriate and adequate in tunnel mode, as an
> alternative to tunnel mode AH.  So, I'd like to conduct a straw poll on
> this topic too.

  I give this a thumbs down.

  I get the feeling that another generic tunneling protocol is being proposed
with authenticationless ESP and encryptionless ESP. We're going to end up
with EP and I don't think that's really solving the problem at hand.
  It has never made sense to me to have ESP not authenticate the outer IP
header. I don't have any solid numbers on whether ESP authentication by
itself is faster than AH authentication but my gut feeling is there can't be
*that* big a difference. I also can't see why one wouldn't want to authenticate
as much as possible.
  We've moved beyond simple wordsmithing in these changes. The patient is now
under general anesthetic and we're carving a hole in his chest. In that light,
I'd like to propose a final operation (if he was under local anesthetic I
wouldn't dare). I'd like to see authentication made uniform. And, of course,
doing away with encryptionless (and authenticationless) ESP.

  regards,

  Dan.
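
The integrity-coverage difference behind the complaint above (ESP's ICV stops at the ESP header and leaves the outer IP header uncovered, while AH's ICV also covers the immutable parts of that header) is easy to see in a toy model. The following is an added example written for this archive page, not code from the thread or from any IPsec implementation. It assumes transport mode, HMAC-SHA-1-96 as the integrity algorithm (the thread names no algorithm), a constructed key, and constructed 10.0.0.x addresses; header checksum and total length are left as placeholders because they play no role in the comparison.

```python
import hmac
import hashlib
import struct

# Constructed demo key; a real SA key would come from IKE or manual keying.
KEY = b"constructed-demo-key-for-illustration"
ICV_LEN = 12                    # HMAC-SHA-1-96: 20-byte HMAC truncated to 96 bits
IPPROTO_UDP, IPPROTO_ESP, IPPROTO_AH = 17, 50, 51
IP_HDR_LEN = 20                 # minimal IPv4 header, no options


def hmac_sha1_96(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ipv4_header(src, dst, proto, ttl=64, tos=0):
    """Minimal IPv4 header. Total length and checksum are placeholders (0);
    they are mutable fields and irrelevant to the coverage comparison."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 0, 0x1234, 0, ttl, proto, 0, src, dst)


# ---- ESP, integrity only (no encryption), transport mode ----
def esp_build(ip_hdr, payload, spi=0x1000, seq=1):
    # Payload + padding + pad-length + next-header must end on a 4-byte boundary.
    pad_len = (-(len(payload) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, IPPROTO_UDP])
    body = struct.pack("!II", spi, seq) + payload + trailer
    # The ICV covers SPI, sequence number, payload and trailer -- NOT ip_hdr.
    return ip_hdr + body + hmac_sha1_96(body)


def esp_verify(pkt):
    body, icv = pkt[IP_HDR_LEN:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(hmac_sha1_96(body), icv)


# ---- AH, transport mode ----
def _ah_zero_mutable(ip_hdr):
    """Zero the IPv4 fields AH treats as mutable in transit: TOS, flags and
    fragment offset, TTL, header checksum. Addresses and the rest are covered."""
    h = bytearray(ip_hdr)
    h[1] = 0                    # TOS
    h[6:8] = b"\x00\x00"        # flags + fragment offset
    h[8] = 0                    # TTL
    h[10:12] = b"\x00\x00"      # header checksum
    return bytes(h)


def ah_build(ip_hdr, payload, spi=0x2000, seq=1):
    # Payload Len field: AH header length in 32-bit words minus 2 -> (12 + 12) / 4 - 2.
    ah_fixed = struct.pack("!BBHII", IPPROTO_UDP, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    # The ICV covers the IP header (mutable fields zeroed), the AH header with
    # its ICV field zeroed, and the payload.
    covered = _ah_zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return ip_hdr + ah_fixed + hmac_sha1_96(covered) + payload


def ah_verify(pkt):
    ip_hdr = pkt[:IP_HDR_LEN]
    ah_fixed = pkt[IP_HDR_LEN:IP_HDR_LEN + 12]
    icv = pkt[IP_HDR_LEN + 12:IP_HDR_LEN + 12 + ICV_LEN]
    payload = pkt[IP_HDR_LEN + 12 + ICV_LEN:]
    covered = _ah_zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.compare_digest(hmac_sha1_96(covered), icv)


# ---- In-transit modifications to test the receivers against ----
def rewrite_destination(pkt, new_dst):
    """Outer destination address changed in transit (bytes 16..19)."""
    return pkt[:16] + new_dst + pkt[IP_HDR_LEN:]


def decrement_ttl(pkt):
    """A router hop: TTL is a mutable field and must not break AH."""
    h = bytearray(pkt)
    h[8] -= 1
    return bytes(h)


def coverage_demo():
    src, dst, other = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]), bytes([10, 0, 0, 99])
    payload = b"constructed UDP datagram bytes"      # constructed sample payload
    esp = esp_build(ipv4_header(src, dst, IPPROTO_ESP), payload)
    ah = ah_build(ipv4_header(src, dst, IPPROTO_AH), payload)
    return {
        "esp_ok": esp_verify(esp),
        "ah_ok": ah_verify(ah),
        # The point of the thread: ESP cannot notice an outer-header change, AH can.
        "esp_detects_header_change": not esp_verify(rewrite_destination(esp, other)),
        "ah_detects_header_change": not ah_verify(rewrite_destination(ah, other)),
        # Legitimate hop-by-hop TTL changes still verify under AH.
        "ah_survives_ttl_decrement": ah_verify(decrement_ttl(ah)),
    }


if __name__ == "__main__":
    for name, value in coverage_demo().items():
        print(f"{name}: {value}")
```

Running the module prints `esp_detects_header_change: False` next to `ah_detects_header_change: True`, which is the asymmetry Dan objects to; the TTL case shows why AH has to zero mutable fields before computing its ICV at all.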


