On Sep 7, 2014, at 2:53 PM, Yaron Sheffer <[email protected]> wrote:
> Dear working group,
>
> This is a call for adopting draft-smyslov-ipsecme-ikev2-null-auth as a WG
> document. Please respond to this mail with a Yes or No and a short rationale,
> at latest by Friday Sep. 12.

Maybe.

I understand and support the rationale for this draft.

The Security Considerations seems to be inadequate. Whenever possible, real
authentication should be used. So the Security Considerations should
explicitly and strongly emphasize that, and recommend that products that
incorporate Null authentication should strive to avoid its use whenever
possible, and steer users away from its use when they can.

A related question: does the use of Null authentication open up the Bellovin
attack? It seems that it would. If so, my answer changes to “NO”.

paul

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec