Phillip,
On Mon, Dec 9, 2013 at 12:11 AM, Merike Kaeo <[email protected]> wrote:
And so I reply to myself but got curious and wanted evidence. I
found first references of AH/ESP and NULL in 1996 June IPsec
archives.
http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00030.html
And while some interesting tidbits, the joggle for my memory
banks was that there was a bunch of discussion on where AH would
be used with ESP and whether ESP only would also be relevant. And
while I couldn't find exact reference to the March 1998 interop
testing in North Carolina that showed issues with AH not
traversing NATs, I am fairly certain that was the case and why in
practice people started using ESP-Null. (It wasn't in the notes
for the follow-up IETF IPsec meeting.)
Someone else from that time may also be able to chime in.
The wording of the RFC does not help. It suggests that the cipher is
something of a joke and it states the original requirement came out of
a meeting for interop testing.
I like to think of the text in RFC 2410 as delightfully tongue in cheek.
Steve
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass