Phillip Hallam-Baker <[email protected]> wrote:
    >     Hi Stephen, Hi Nicholas,

    >     it would be interesting (as a history lesson) if someone could tell
    > us why the group at that time decided to develop a NULL encryption
    > mechanism.  Stephen Kent (co-author of RFC 2410) might remember. I have
    > not heard


    > It was for testing and it all happened long before any of the evidence
    > of the NSA peddling bongoed crypto suggests that it was going on. I
    > think it highly unlikely that anything of the sort was going on before
    > 9/11 and my sources claim that the change came much later, if it
    > happened at all.

It was an alternative to using AH, which did not traverse NAT.
Yes, it was also useful for debugging.

ESP has both authentication and encryption, and historically, they are
provided by different algorithms (3DES+HMAC_SHA1) vs the way AES-GCM-type
modes work.

--
Michael Richardson <[email protected]>, Sandelman Software Works



_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
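
The ESP-with-NULL arrangement discussed in the reply above, as an added example that is not part of the original message: the payload travels in cleartext while a separate integrity algorithm still protects the packet. The choice of HMAC-SHA1-96 (RFC 2404), the function names, the key and the sample packet values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12  # HMAC-SHA1-96: the 20-byte HMAC is truncated to 96 bits

def esp_null_seal(spi, seq, payload, next_header, auth_key):
    """Build an ESP packet using NULL encryption plus an HMAC-SHA1-96 ICV."""
    # Pad so payload + padding + pad-length + next-header is 4-byte aligned.
    pad_len = -(len(payload) + 2) % 4
    padding = bytes(range(1, pad_len + 1))  # default padding: 1, 2, 3, ...
    trailer = padding + bytes([pad_len, next_header])
    # NULL "encryption" is the identity function: the body is left as-is.
    body = struct.pack("!II", spi, seq) + payload + trailer
    # The integrity algorithm is independent of the (absent) cipher.
    icv = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    return body + icv

def esp_null_open(packet, auth_key):
    """Check the ICV first, then return (spi, seq, payload, next_header)."""
    if len(packet) < 8 + 2 + ICV_LEN:
        raise ValueError("packet too short")
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(auth_key, body, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):  # constant-time comparison
        raise ValueError("ICV mismatch")
    spi, seq = struct.unpack("!II", body[:8])
    pad_len, next_header = body[-2], body[-1]
    if pad_len > len(body) - 10:
        raise ValueError("bad pad length")
    payload = body[8:len(body) - 2 - pad_len]
    return spi, seq, payload, next_header

if __name__ == "__main__":
    key = b"k" * 20                      # constructed sample key
    pkt = esp_null_seal(0x1001, 1, b"hello", 6, key)
    print("cleartext visible on the wire:", b"hello" in pkt)
    print("verified:", esp_null_open(pkt, key))
    tampered = pkt[:8] + b"j" + pkt[9:]  # change one payload byte
    try:
        esp_null_open(tampered, key)
    except ValueError as err:
        print("tampered packet rejected:", err)
```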
