
Re: ESP NULL was linux-ipsec: broken for a few days...

From: Niels Provos <provos(at)power5.physnet.uni-hamburg.de>
Date: Fri Aug 07 1998 - 20:33:05 EDT

rob.glenn@nist.gov writes:
> ESP-NULL was initially requested by a particular vendor which wanted to
> use IPsec authentication services on non-IP networks and had other
> proposed uses for an authentication algorithm that ignores the IP header.
[...]
> time, equally as strong as AH with <same algorithm>, it was decided to
> make ESP_NULL a "mandatory to implement" algorithm (as specified in the
> DOI draft). I seriously doubt this will change.

This is a poor state of affairs. A single, yet unnamed, vendor managing to add something as MANDATORY to the drafts with a reasoning not even IP related.

AFAIK NAT has been given as the only 'sensible' reason for 'null esp' so far.

I wish it were that easy to make clearly necessary transforms like 3DES mandatory.

BTW the book by Diffie and Landau, "Privacy on the Line", is a nice reality check.

Greetings,
 Niels

-- 
- PHYSnet Rechnerverbund     PGP V2.6 Public key via finger or key server
  Niels Provos
  Universitaet Hamburg       WWW: http://www.physnet.uni-hamburg.de/provos/
  Jungiusstrasse 9           E-Mail: provos@wserver.physnet.uni-hamburg.de
  Germany 20355 Hamburg      Tel.:   +49 40 4123-2404     Fax: -6571 
Received on Fri Aug 7 21:17:32 1998

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT

