Re: [secdir] Review of draft-manral-ipsec-rfc4305-bis-errata-02.txt

2006-12-11 15:35:38
On Mon, Dec 11, 2006 at 05:30:26PM -0500, Russ Housley wrote:
> Nico:
>
> > Use of the NULL ESP algorithm implies no confidentiality protection,
> > while use of the NULL AH algorithm implies no integrity protection
> > (unless combined mode ESP algorithms are used).  And in general we want
> > IPsec used to provide integrity or confidentiality+integrity protection,
> > but not really just confidentiality protection.
>
> I generally agree with your point.  Integrity protection is
> important, but I am not sure that this is the document to drive this
> point.  We have seen NULL encryption and NULL integrity algorithms
> are very useful for debugging.

Right.  I am not suggesting a change of policy here, but rather an
explanation for the MUST NOT use NULL ESP and NULL AH together.

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf