Nico:
Use of the NULL ESP algorithm implies no confidentiality protection,
while use of the NULL AH algorithm implies no integrity protection
(unless combined mode ESP algorithms are used). And in general we want
IPsec used to provide integrity or confidentiality+integrity protection,
but not really just confidentiality protection.
I generally agree with your point. Integrity protection is
important, but I am not sure that this is the document to drive this
point. We have seen NULL encryption and NULL integrity algorithms
are very useful for debugging.
Russ
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf