Hannes,
> Hi Stephen, Hi Nicholas,
> it would be interesting (as a history lesson) if someone could tell us
> why the group at that time decided to develop a NULL encryption
> mechanism. Stephen Kent (co-author of RFC 2410) might remember. I have
> no heard

NULL encryption is offered as an option for ESP to enable ESP to be used
in contexts where data integrity, authentication and anti-replay may be
required, but confidentiality is not desired. AH was designed to offer
this set of security requirements, but we found that ESP was much more
efficient, and thus we included NULL encryption as an option for ESP.
BTW, the most common motivation for not imposing confidentiality is a
need to perform packet inspection in an enterprise environment.

Steve
_______________________________________________
perpass mailing list
https://www.ietf.org/mailman/listinfo/perpass