
Re: ESP revisions straw poll



Bill,

You just said:

"I noted these things in order to bring the argument to a conclusion,
since the "encryptionless" camp could have their wishes as a
non-mandatory extension.

But they don't seem to be satisfied.  They want to be mandatory."


While it is true that the current I-D would suggest mandatory support for
encryptionless ESP, my message of 5/15 stated:

	"I do have a suggestion, though, to help reach closure on this
topic.  What if we say that an IPSEC implementation MAY elect to send
packets that are authenticated, but not encrypted?  That makes the existing
implementations compliant in this regard, yet holds open the opportunity for
future implementations to offer this feature if there is sufficient demand.
An attempt to negotiate a set of algorithms that includes no encryption can
be rejected just like an attempt to negotiate use of an encryption
algorithm that is not supported.  One could even encode this as a null
encryption algorithm, as Bill Simpson noted, if that would make processing
any more uniform."



