[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A small question about the ESP proposals.

To: avs@winner.lc.lucent.com
Subject: Re: A small question about the ESP proposals.
From: Stephen Kent <kent@bbn.com>
Date: Fri, 31 Jul 1998 18:38:06 -0400
Cc: ipsec@tis.com
In-Reply-To: <35C0D907.C02E9D2@winner.lc.lucent.com>
Sender: owner-ipsec@ex.tis.com


>I am referring to the "Domain of Interpretation for ISAKMP" document, section
>4.4.4.
>In the second para, it says the following:
>
>"when authentication, integrity protection, and replay detection are required,
>the
> ^^^^
>Authentication Algorithm attribute MUST be specified to identify the
>appropriate
>ESP protection suite."
>
>Does that mean that we can have an ESP without authentication?
>Can any body clarify?

Yes, authentication is optional for ESP, although the Arch Doc warns about
using ESP w/o auth by itsefl. Note, for example, that a combined AH-ESP SA
bunlde might not employ auth in ESP as it would be redundant.

Steve

References:

A small question about the ESP proposals.

From: avs@winner.lc.lucent.com

Prev by Date: Re: clarification: end-to-end tunnel carries ALL traffic
Prev by thread: A small question about the ESP proposals.
Next by thread: clarification: end-to-end tunnel carries ALL traffic
Index(es):
- Main
- Thread