On Thu, 14 Feb 2019, Valery Smyslov wrote:

> just a small clarification and a comment.
>
>> This sentence is confusing:
>>
>>    ESP can be used to authenticate only or to encrypt the communication.
>>
>> Since IPsec-v2 allowed ESP without authentication, and IPsec-v3 only has authenticated ESP. It's better to say ESP allows null-encryption and not mention authentication (which always happens)
>
> In fact, RFC 4303 does allow using encryption w/o authentication for ESP, unless NULL encryption is used.

But RFC 8221 does not :)

https://tools.ietf.org/html/rfc8221#section-4

    4. Encryption Must Be Authenticated
    [...]

Although I guess we do not Update: 4303 so it sort of does not count. Steve Kent wrote a lot of words in 4303 to basically say do not use ESP without authentication (from ESP itself or another AH layer)

> I agree with this.

Ahh, we do agree on something at least :)

Paul
