Hi,

On 07/08/2014 07:54 AM, Tom Henderson wrote:
Hi all,

Apologies for cross-posting, but Stephen Farrell raised a DISCUSS
(seconded by Kathleen Moriarty) in the IESG evaluation of RFC 5202-bis:
   Using the Encapsulating Security Payload (ESP) Transport Format with
the Host Identity Protocol (HIP).  Stephen asked me to raise this
question for discussion on both the HIP and SAAG lists.

Stephen's discuss questions the specification of "MUST to implement" for
the NULL encryption option of the ESP_TRANSFORM parameter:

http://tools.ietf.org/html/draft-ietf-hip-rfc5202-bis-05#section-5.1.2

Stephen asks why is this a MUST to implement?  The history behind this
that I'm aware of is that since HIP does not have an AH, only ESP, the
ESP with NULL encryption mode can provide authentication.  It was also
stated in previous drafts that this mode supports debugging.

Null encryption was also specified as a MUST to implement in RFC5202 and
dates back to earlier versions of the HIP base draft (to 2003:
http://tools.ietf.org/html/draft-moskowitz-hip-06#section-11.3).

Maybe we should keep it as it is for easier, incremental interoperability testing. The same issue was discussed earlier in this thread:

http://www.ietf.org/mail-archive/web/hipsec/current/msg01779.html

If you think this is a big problem, I'd suggest replacing NULL with suite id 9.
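To make the point about NULL encryption concrete: an ESP packet with the NULL cipher carries its payload in cleartext, but the integrity check value (ICV) still authenticates the SPI, sequence number and payload, so a modified packet is rejected. The following Python script is an added illustration, not code from this thread or from any HIP implementation; it assumes HMAC-SHA1-96 as the integrity algorithm and uses a constructed key, SPI, sequence number and payload. It follows the RFC 4303 packet layout (SPI, sequence number, payload, padding, pad length, next header, ICV).

```python
import hashlib
import hmac
import struct

# Assumed integrity algorithm: HMAC-SHA1 truncated to 96 bits (12 bytes).
ICV_LEN = 12


def esp_null_encapsulate(spi: int, seq: int, payload: bytes,
                         next_header: int, key: bytes) -> bytes:
    """Build an ESP packet with NULL encryption and an HMAC-SHA1-96 ICV.

    Layout (RFC 4303): SPI | seq | payload | padding | pad len | next hdr | ICV.
    With NULL encryption the payload is copied onto the wire unchanged.
    """
    # Pad so that payload + padding + pad length + next header is 4-byte aligned.
    pad_len = (-(len(payload) + 2)) % 4
    padding = bytes(range(1, pad_len + 1))  # RFC 4303 default padding: 1, 2, 3, ...
    trailer = bytes([pad_len, next_header])
    authenticated = struct.pack("!II", spi, seq) + payload + padding + trailer
    # The ICV covers everything from the SPI through the next-header byte.
    icv = hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    return authenticated + icv


def esp_null_decapsulate(packet: bytes, key: bytes):
    """Verify the ICV and return (spi, seq, next_header, payload).

    Raises ValueError when the packet is truncated or the ICV does not match.
    """
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]
    # Constant-time comparison so the check does not leak via timing.
    if not hmac.compare_digest(icv, expected):
        raise ValueError("ICV mismatch: packet modified or wrong key")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, next_header, payload


def detects_tampering(packet: bytes, key: bytes, offset: int = 8) -> bool:
    """Flip one bit of the cleartext payload and report whether verification fails."""
    forged = bytearray(packet)
    forged[offset] ^= 0x01
    try:
        esp_null_decapsulate(bytes(forged), key)
    except ValueError:
        return True
    return False


# Constructed demo values (not from any real HIP association).
DEMO_KEY = b"constructed-demo-key-0123456789ab"
DEMO_SPI = 0x1234
DEMO_SEQ = 1
DEMO_NEXT_HEADER = 6  # TCP, as a constructed example
DEMO_PAYLOAD = b"hip-null-test"


def build_demo_packet() -> bytes:
    return esp_null_encapsulate(DEMO_SPI, DEMO_SEQ, DEMO_PAYLOAD,
                                DEMO_NEXT_HEADER, DEMO_KEY)


if __name__ == "__main__":
    pkt = build_demo_packet()
    print("packet:", pkt.hex())
    print("payload readable on the wire:", DEMO_PAYLOAD in pkt)
    print("decapsulated:", esp_null_decapsulate(pkt, DEMO_KEY))
    print("tampering detected:", detects_tampering(pkt, DEMO_KEY))
```

The payload string is visible in the packet bytes, which is what makes this mode convenient for debugging with a packet capture, while the flipped bit is still caught by the ICV, which is the authentication-only property discussed above.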

_______________________________________________
Hipsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/hipsec
