ietf
[Top] [All Lists]

Re: Review of draft-manral-ipsec-rfc4305-bis-errata-02.txt

2006-12-11 15:35:29
Nico:

Use of the NULL ESP algorithm implies no confidentiality protection,
while use of the NULL AH algorithm implies no integrity protection
(unless combined mode ESP algorithms are used).  And in general we want
IPsec used to provide integrity or confidentiality+integrity protection,
but not really just confidentiality protection.

I generally agree with your point. Integrity protection is important, but I am not sure that this is the document to drive this point. We have seen NULL encryption and NULL integrity algorithms are very useful for debugging.

Russ


_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf