Re: Review of: Opportunistic Security -03 preview for comment

ietf

[Top] [All Lists]

<prev [Date] next>

<prev [Thread] next>

Re: Review of: Opportunistic Security -03 preview for comment

2014-08-16 14:45:19

from [Michael Richardson]

[Permanent Link]


Stephen Farrell <stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:
    > That does not make no-encryption a form of encryption.

Agreed, but just to give an example of how ESP-NULL can *enable*
encryption....

One of the potential outcomes of some non-authenticated OS systems might be
that enterprise border systems might be more willing to let various kinds of
"secured" traffic through, such as permitting end-to-end IPsec using
ESP-NULL, as those border systems can now both: a) audit the inner traffic,
b) opportunistically then encrypt between borders, and maybe (c)
encrypt between end system and borders.

This is a mechnanism that I wanted to standardize back in 1996 at my first
IETF meeting... when IPsec impacted against "authenticated firewall
traversal" ideas...

(I think we are boiling the ocean on this document. Publish it)

--
Michael Richardson <mcr+IETF(_at_)sandelman(_dot_)ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-

pgp7yBlU7d7j2.pgp
Description: PGP signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Review of: Opportunistic Security -03 preview for comment, (continued) Re: Review of: Opportunistic Security -03 preview for comment, Pete Resnick Re: Review of: Opportunistic Security -03 preview for comment, Dave Crocker Re: Review of: Opportunistic Security -03 preview for comment, Stephen Farrell Re: Review of: Opportunistic Security -03 preview for comment, Dave Crocker Re: Review of: Opportunistic Security -03 preview for comment, Fred Baker (fred) Re: Review of: Opportunistic Security -03 preview for comment, Stephen Farrell RE: Review of: Opportunistic Security -03 preview for comment, l.wood Re: Review of: Opportunistic Security -03 preview for comment, Nico Williams RE: Review of: Opportunistic Security -03 preview for comment, l.wood Re: Review of: Opportunistic Security -03 preview for comment, Paul Wouters Re: Review of: Opportunistic Security -03 preview for comment, Michael Richardson <= Re: Review of: Opportunistic Security -03 preview for comment, Nico Williams Re: Review of: Opportunistic Security -03 preview for comment, Stephen Kent Re: [saag] Review of: Opportunistic Security -03 preview for comment, Benjamin Kaduk Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Eliot Lear Re: [saag]: Review of: Opportunistic Security -03 preview for comment, John Wroclawski Re: [saag]: Review of: Opportunistic Security -03 preview for comment, Viktor Dukhovni RE: [saag]: Review of: Opportunistic Security -03 preview for comment, l.wood Re: [saag] : Review of: Opportunistic Security -03 preview for comment, Theodore Ts'o DANE should be more prominent (Re: Review of: Opportunistic Security -03 preview for comment), Nico Williams

Previous by Date:	Re: [saag] : Review of: Opportunistic Security -03 preview for comment, Theodore Ts'o
Next by Date:	Re: [saag] Protocol Design Pattern (was Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt>), Benjamin Kaduk
Previous by Thread:	Re: Review of: Opportunistic Security -03 preview for comment, Paul Wouters
Next by Thread:	Re: Review of: Opportunistic Security -03 preview for comment, Nico Williams
Indexes:	[Date] [Thread] [Top] [All Lists]