The connections are host to host only, all ports, no gateways. You can call it no PAD, or call this policy the PAD. I don't see a problem with mapping auth none to this policy?
Sent from my iPhone

> On Jun 4, 2014, at 16:03, Michael Richardson <[email protected]> wrote:
>
>
> Paul Wouters <[email protected]> wrote:
>>> Valery Smyslov <[email protected]> wrote:
>> Paul ps. i also still
>>> prefer AUTH_NONE over "NULL AUTH", as to me NULL
>> looks more like an
>>> error while "none" conveys intent.
>>>
>>>> I remember it. However I'm still waiting for others' opinions on
>>> this.
> Naming is not a problem.
>>>
>>> I prefer AUTH_NONE over "NULL AUTH". Still, that doesn't convey
>>> enough intent; AUTH_DIDNTWANTTO, or something like that might say it
>>> better, but that's a mouthful, so I can live with AUTH_NONE if we
>>> can't do better.
>
>> AUTH_ANON ? Although I think AUTH_NONE is more in line with how we name
>> things.
>
> I don't agree that it is anonymous. It says that the identity was not
> authenticated, it didn't say that no identity was provided.
>
> Clearly: the identity can't be trusted and can't be used in any way.
> So, given that, how does one look up acceptable TSx in the PAD?
>
> I think that the opportunistic encryption use case given can not make any
> sense without reference to the PAD.
>
> --
> Michael Richardson <[email protected]>, Sandelman Software Works
> -= IPv6 IoT consulting =-
>
> _______________________________________________
> IPsec mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/ipsec
