On Tue, 4 Mar 2014, Yaron Sheffer wrote:
Quoting from the abstract: "This method may be used to preserve anonymity or in situations, where no trust relationship exists between the parties." You seem to assume that all clients want to be anonymous. IMHO "unauthenticated" does not necessarily imply "anonymous". When I talk to someone on the plane and they tell me their name, they are not authenticated and they may well be lying. But in general, they are not anonymous either.
I'm really afraid of accidental leakage by implementors or administrators. In this era, I think we should really make an effort to protect against that. I really think it is a fundamental problem if we allow an IPsec entity to lie about its identity. Right now, an identity is always proven by an authentication, and I think if there is no authentication, there should be no identity. If you want debugging, you can send some kind of implementation specific custom payload - don't piggyback on auth-none.

Paul
