[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ESP New Draft

To: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>
Subject: Re: ESP New Draft
From: Daniel Harkins <dharkins@cisco.com>
Date: Sat, 17 May 1997 17:58:16 -0700
Cc: ipsec@tis.com
In-Reply-To: Your message of "16 May 1997 20:02:34 PDT." <199705170326.UAA26094@mailsun2.us.oracle.com>
Sender: owner-ipsec@ex.tis.com

  Paul,

  I'm confused by your recent note on the new ESP draft.

  You mention:
> The "changes" in this new specification should not be significant!  ESP 
> implementations conforming to the Memphis implementors agreements will be 
> conformant to this specification.  The only issues for the ESP specification 
> are the optional "value added" capabilities of ESP that include auth-only-ESP. 
If implementations which conform to the Memphis agreement are conformant to
the specification then there can be no "value added" encryptionless ESP since
in Memphis there was overwhelming agreement that this not be allowed.
 
> As working group chair, I see no clear consensus to forbid the use of ESP 
> with a null encryption algorithm (a.k.a auth-only-ESP).  

  I'm really at a loss here. In Memphis I was a bit distracted by the March
Of The Peabody Ducks but I do remember that around 4/5 of the people discussing
encryptionless ESP were against it. On the list it's about 3:1 against. 
Presidents claim a mandate with 55% of a vote; this is a veritable landslide!

  As mentioned on the list recently: a compelling argument must be made for
*change*, not for the status quo. The status quo is no encryptionless ESP.
There has been no compelling argument for change. (And it's not just me saying
this).

  You also said that you spoke to people implementing encryptionless ESP. Who?
And to what specification are they coding? Since ESP currently does not allow
encryptionless ESP and there are no published transforms defining such a beast
I'm curious who they are. Everybody who has anything close to running code has
announced their existance and no one has said they have encryptionless ESP. 
(Having taken part in recent IPsec bakeoffs, I'm not just spouting off).

  Lack of a compelling argument; clear consensus against; no running code
(and in fact, all running code is contrary). I'm puzzled why you come to the
conclusion you did.

  Dan.

References:

ESP New Draft

From: "PALAMBER.US.ORACLE.COM" <PALAMBER@us.oracle.com>

Prev by Date: Re: ESP revisions straw poll
Next by Date: ISAKMP cookies
Next by thread: Re: notes from developer's portion of IETF meeting
Index(es):
- Main
- Thread