Re: [Hipsec] [saag] NULL encryption mode in RFC 5202-bis

Ted Lemon <ted.lemon@nominum.com> Tue, 22 July 2014 14:50 UTC

From: Ted Lemon <ted.lemon@nominum.com>
In-Reply-To: <53CE78ED.1030602@htt-consult.com>
Date: Tue, 22 Jul 2014 10:49:48 -0400
Message-ID: <F871C0FA-DA7A-43AB-82DF-29449636AEF1@nominum.com>
References: <53BB798A.3080101@tomh.org> <m3lhs3dh5w.fsf@carbon.jhcloos.org> <399ECC6D-CB3D-46F7-A9D7-7465608F1B77@nominum.com> <53CE78ED.1030602@htt-consult.com>
To: Robert Moskowitz <rgm@htt-consult.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/hipsec/kkalZ2fbZYJxvvv-2mUwZG6asSg
Cc: hipsec@ietf.org, saag@ietf.org, James Cloos <cloos@jhcloos.com>
Subject: Re: [Hipsec] [saag] NULL encryption mode in RFC 5202-bis

On Jul 22, 2014, at 10:45 AM, Robert Moskowitz <rgm@htt-consult.com> wrote:
> It is a switch to request integrity only. Or to only allow integrity only. Either party MUST be able to reject an integrity only negotiation.

That's not good enough. It should be the case that integrity-only negotiations are rejected by default, unless there's no protocol requirement for confidentiality. If there is no need for confidentiality, then the answer to the DISCUSS should be "there is no need for confidentiality."
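The policy the reply argues for (integrity-only suites rejected unless local policy explicitly states that confidentiality is not required, on both the offering and the accepting side) can be written as a small transform-selection check. The following is an added example and not code from the thread, from the HIP working group, or from any RFC 5202-bis implementation; the suite names in SUITES, the Policy class, and the function names are constructed for illustration and are not the suite IDs defined by the specification.

```python
from dataclasses import dataclass

# Constructed suite table (placeholder names, not RFC 5202-bis suite IDs).
# "encrypts" is False for integrity-only (NULL encryption) suites.
SUITES = {
    "AES-128-CBC-HMAC-SHA-256": {"encrypts": True},
    "AES-GCM-16": {"encrypts": True},
    "NULL-HMAC-SHA-256": {"encrypts": False},
}


@dataclass(frozen=True)
class Policy:
    """Local ESP transform policy (hypothetical structure).

    confidentiality_required defaults to True, so an integrity-only suite
    is never selected or accepted unless the operator has explicitly
    recorded that this association needs no confidentiality.
    """
    confidentiality_required: bool = True
    allowed: tuple = tuple(SUITES)


def acceptable(suite: str, policy: Policy) -> bool:
    """True if the suite is known, permitted by policy, and does not
    silently drop confidentiality the policy still requires."""
    info = SUITES.get(suite)
    if info is None or suite not in policy.allowed:
        return False
    if policy.confidentiality_required and not info["encrypts"]:
        return False
    return True


def choose_suite(offered, policy: Policy):
    """Responder side: return the first offered suite acceptable under
    policy, or None to reject the negotiation outright."""
    for suite in offered:
        if acceptable(suite, policy):
            return suite
    return None


def verify_choice(proposed, chosen, policy: Policy) -> bool:
    """Initiator side: accept the responder's selection only if it was
    in our own proposal and is acceptable under our policy. This is the
    check that lets either party reject an integrity-only outcome."""
    return chosen in proposed and acceptable(chosen, policy)


if __name__ == "__main__":
    default = Policy()
    print(choose_suite(["NULL-HMAC-SHA-256"], default))            # None
    print(choose_suite(["NULL-HMAC-SHA-256", "AES-GCM-16"], default))
    relaxed = Policy(confidentiality_required=False)
    print(choose_suite(["NULL-HMAC-SHA-256"], relaxed))
    print(verify_choice(["AES-GCM-16"], "NULL-HMAC-SHA-256", default))  # False
```

The two checks are deliberately symmetric: the responder's choose_suite never picks an integrity-only suite under the default policy, and the initiator's verify_choice refuses a responder that returns one, so a downgrade to NULL encryption requires an explicit local decision on both ends rather than the absence of one.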