On Monday, December 11, 2006 04:34:54 PM -0600 Nicolas Williams
<Nicolas(_dot_)Williams(_at_)sun(_dot_)com> wrote:
On Mon, Dec 11, 2006 at 05:30:26PM -0500, Russ Housley wrote:
Nico:
> Use of the NULL ESP algorithm implies no confidentiality protection,
> while use of the NULL AH algorithm implies no integrity protection
> (unless combined mode ESP algorithms are used). And in general we want
> IPsec used to provide integrity or confidentiality+integrity
> protection, but not really just confidentiality protection.
I generally agree with your point. Integrity protection is
important, but I am not sure that this is the document to drive this
point. We have seen NULL encryption and NULL integrity algorithms
are very useful for debugging.
Right. I am not suggesting a change of policy here, but rather an
explanation for the MUST NOT use NULL ESP and NULL AH together.
So, "MUST is for implementors". It's about requirements on the
implementation, not on how it is used. If you say that the NULL algorithms
"MUST NOT be used", you are requiring the implementation not to permit
their use under any circumstances. That seems excessively strong.
I agree with Russ - while deploying the NULL algorithms in production would
be silly, having them for debugging can be terribly useful.
-- Jeff
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf