On Mon, Dec 9, 2013 at 12:11 AM, Merike Kaeo <[email protected]> wrote:

> And so I reply to myself but got curious and wanted evidence. I found
> first references of AH/ESP and NULL in 1996 June IPsec archives.
> http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00030.html
>
> And while some interesting tidbits, the joggle for my memory banks was
> that there was a bunch of discussion on where AH would be used with ESP and
> whether ESP only would also be relevant. And while I couldn't find exact
> reference to the March 1998 interop testing in North Carolina that showed
> issues with AH not traversing NATs I am fairly certain that was the case
> and why in practice people started using ESP-Null. (it wasn't in the
> notes for the follow-up IETF IPsec meeting).
>
> Someone else from that time may also be able to chime in.
>

The wording of the RFC does not help. It suggests that the cipher is something of a joke and it states the original requirement came out of a meeting for interop testing.

I am not sure that authentication-only VPN is something that we would see the need for these days. If the base protocol still doesn't do NAT right without a NULL cipher then it is broken.

-- 
Website: http://hallambaker.com/
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
