> > I think you'll need to add some text that says if confidentiality is
> > required, the NULL cipher suites MUST NOT negotiate NULL encryption ciphers.
> >
> > I'm hoping that we can keep the part about MUST NOT support NULL integrity
> > and authentication algorithms in Section 5.3. But, add a new last sentence
> > that says something like:
> >
> > When confidentiality is provided by [insert mechanism here], then NULL
> > encryption algorithms MAY be negotiated.
>
> Let's change that to:
> When confidentiality is desired but without the overhead of using DTLS
> encryption, then it may be provided by provisioning a physically
> secured network. In that case the NULL encryption algorithm may be
> negotiated.
>
> Does that work?

Those words could work. It would be better if the phrase "physically secured network" were "appropriately secured network". I'm thinking about people who are using VLAN and other low level hardware technologies. Someone who understands the issues can decide whether their low level hardware approach is a suitable equivalent to "physically secured" so this is less important. Either wording results in implementations that can be configured to meet the need.

Kind Regards,

Robert Horn | Agfa HealthCare
Research Scientist | HE/Technology Office
