
Re[2]: linux-ipsec: broken for a few days...

From: <rob.glenn(at)nist.gov>
Date: Fri Aug 07 1998 - 11:19:17 EDT

"William Allen Simpson" <bsimpson@morningstar.com> wrote:
> > From: rob.glenn@nist.gov
> > ESP-NULL was initially requested by a particular vendor which wanted to

You missed your calling Bill, you should have been a lawyer. Yes, the idea of a null encryption cipher has been around for quite some time. But, the first point that people decided to treat the idea seriously with regard to IPsec was shortly before the March '98 Raleigh Interop when it appeared in the DOI spec. I believe (no, I don't have any hard evidence to support this) that Steve Kent had been pushing for this for quite some time. I apologize if I misled anyone on this issue; it was not intentional.

>
> > Because of the controversy with AH, and the fact that ESP_NULL + <your

Given an authenticated SA, no one, to date, has specified an attack that would succeed against NULL_ESP + auth_alg and not succeed against AH + auth_alg. If someone knows of such an attack, please bring it forward on the IETF IPsec WG list, or let me know, and I'll bring it up.

> However, it is mandatory to implement _only_ for ISAKMP, and not for
> anything else.

That is NOT a correct interpretation. Re-read Section 5. of the ESP draft.

begin-quote


   A compliant ESP implementation MUST support the following mandatory-to-implement algorithms:

  • DES in CBC mode [MD97]
  • HMAC with MD5 [MG97a]
  • HMAC with SHA-1 [MG97b]
  • NULL Authentication algorithm
  • NULL Encryption algorithm

   Since ESP encryption and authentication are optional, support for the 2 "NULL" algorithms is required to maintain consistency with the way these services are negotiated. NOTE that while authentication and encryption can each be "NULL", they MUST NOT both be "NULL"

end-quote

> I recommend that anytime ESP NULL is negotiated, a warning message
> appear on the console and in syslog, the same as when any other
> catastrophic error occurs, like a PPP link dying.

Please tell, what evidence is this recommendation based on?

> WSimpson@UMich.edu
Received on Fri Aug 7 12:26:17 1998
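The two points argued above (the NULL/NULL prohibition quoted from the ESP draft, and ESP-NULL plus an authentication algorithm giving integrity protection over the payload) as an added worked example. This is illustration code written for this archive page, not code from any IPsec implementation discussed in the thread. It assumes HMAC-SHA-1-96 as the authentication transform, the standard ESP header (SPI, sequence number) and trailer (padding, pad length, next header), a constructed key and payload, and algorithm labels that are local names rather than IANA transform identifiers.

```python
import hashlib
import hmac
import struct

# Labels chosen for this example; they are not IANA ESP/AH transform IDs.
ENC_NULL, ENC_DES_CBC = "NULL", "DES-CBC"
AUTH_NULL, AUTH_HMAC_MD5, AUTH_HMAC_SHA1 = "NULL", "HMAC-MD5", "HMAC-SHA-1"

ESP_HDR = struct.Struct("!II")   # SPI, sequence number
ICV_LEN = 12                     # HMAC-SHA-1-96: HMAC output truncated to 96 bits


def validate_esp_proposal(enc, auth):
    """Apply the constraint quoted from the ESP draft: encryption and
    authentication may each be NULL, but never both at once.
    Returns (accepted, reason)."""
    if enc == ENC_NULL and auth == AUTH_NULL:
        return False, "encryption and authentication MUST NOT both be NULL"
    if enc == ENC_NULL:
        # Integrity-only SA: the payload travels in the clear. Legal, but an
        # operator may want it visible in logs rather than silent.
        return True, "NULL encryption negotiated: integrity only, no confidentiality"
    return True, "ok"


def build_esp_null_hmac(key, spi, seq, payload, next_header):
    """ESP with NULL encryption and HMAC-SHA-1-96:
    header || payload || padding || pad_len || next_header || ICV.
    With NULL encryption the payload bytes are authenticated but not hidden."""
    pad_len = (-(len(payload) + 2)) % 4            # NULL has 4-byte alignment
    padding = bytes(range(1, pad_len + 1))         # default ESP padding 1, 2, 3, ...
    authenticated = (ESP_HDR.pack(spi, seq) + payload + padding
                     + bytes([pad_len, next_header]))
    icv = hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    return authenticated + icv


def open_esp_null_hmac(key, packet):
    """Verify the ICV before interpreting anything else in the packet.
    Returns (ok, next_header, payload); on failure (False, None, None)."""
    if len(packet) < ESP_HDR.size + 2 + ICV_LEN:
        return False, None, None
    authenticated, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(key, authenticated, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):     # constant-time compare
        return False, None, None
    pad_len, next_header = authenticated[-2], authenticated[-1]
    payload = authenticated[ESP_HDR.size:len(authenticated) - 2 - pad_len]
    return True, next_header, payload


# Constructed sample SA material and inner datagram stand-in (not real traffic).
KEY = b"constructed-demo-key-not-for-use"
PAYLOAD = b"hello, integrity"
PKT = build_esp_null_hmac(KEY, spi=0x1000, seq=1, payload=PAYLOAD, next_header=17)


def tampered_packet():
    """Flip one bit of the cleartext payload in transit; the ICV must then fail."""
    p = bytearray(PKT)
    p[ESP_HDR.size] ^= 0x01
    return bytes(p)


if __name__ == "__main__":
    print(validate_esp_proposal(ENC_NULL, AUTH_NULL))
    print(validate_esp_proposal(ENC_NULL, AUTH_HMAC_SHA1))
    print(open_esp_null_hmac(KEY, PKT))
    print(open_esp_null_hmac(KEY, tampered_packet()))
```

The receiver checks the ICV over the whole ESP header, payload and trailer before it reads the pad length or next-header byte, so a modified packet is dropped without any of its contents being acted on; that is the integrity property the message relies on when it says no attack has been shown against NULL_ESP + auth_alg that does not also apply to AH + auth_alg.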

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT

