Title: Re: [Ipsec] Discrepency RFC4301 and RFC4305

Hi John,

 

I am attaching a new thread regarding the NULL auth algorithm on the IPsec mailing list.

 

This should probably clarify what I had said in the thread “draft-ietf-ipv6-node-requirements-11.txt”.

 

Thanks,

Vishwas


From: Stephen Kent [mailto:[EMAIL PROTECTED]
Sent: Monday, January 09, 2006 9:16 PM
To: Vishwas Manral
Cc: IPsec; russ housley
Subject: Re: [Ipsec] Discrepency RFC4301 and RFC4305

 

At 8:04 PM -0800 1/8/06, Vishwas Manral wrote:

Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
  boundary="----_=_NextPart_001_01C614D1.CA0C5D20"

Hi,

 

I had brought out the issue more then a year back that:

 

RFC4301 states

            - confidentiality-only (MAY be supported)

            - integrity only (MUST be supported)

            - confidentiality and integrity (MUST be supported)

 

However RFC4305 states that NULL authentication support is a MUST.

 

I had brought out the issue with the draft which became RFC4305. Stephen Kent had supported the change and stated

"since we changed the requirements for encryption-only support in this round of document revisions, I think a SHOULD here is correct."

http://130.230.52.14/list-archive/ipsec/msg05576.html

 

however Donald Eastlake had stated

@@@ I think draft-ietf-ipsec-esp-v3-09 should be changed.

http://130.230.52.14/list-archive/ipsec/msg05578.html

 

The issue never got resolved and we now have this discrepancy in the RFC's. Should I send an errata for RFC4305 regarding the same?

 

Thanks,

Vishwas

 

Whoops.  Sorry that this one fell through the cracks in the intervening year after you noted the discrepancy.

 

I still think a SHOULD is appropriate for ESP, given the changes in the architecture document. Since this is a significant change (from a MUST to a SHOULD), it cannot be an errata, as Paul noted. I'll ask Russ how he would like to handle this.

 

Steve

 

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[email protected]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------

Reply via email to