Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
"Valery Smyslov" <svanru@gmail.com> Wed, 26 February 2014 07:07 UTC
Return-Path: <svanru@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com
(Postfix) with ESMTP id BA1BD1A0864 for <ipsec@ietfa.amsl.com>;
Tue, 25 Feb 2014 23:07:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.139
X-Spam-Level: *
X-Spam-Status: No, score=1.139 tagged_above=-999 required=5 tests=[BAYES_50=0.8,
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001,
SPF_PASS=-0.001, STOX_REPLY_TYPE=0.439] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ambCvTtZ4Od6 for
<ipsec@ietfa.amsl.com>; Tue, 25 Feb 2014 23:07:03 -0800 (PST)
Received: from mail-la0-x22c.google.com (mail-la0-x22c.google.com
[IPv6:2a00:1450:4010:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id
3C2E01A0860 for <ipsec@ietf.org>; Tue, 25 Feb 2014 23:07:03 -0800 (PST)
Received: by mail-la0-f44.google.com with SMTP id hr13so323841lab.17 for
<ipsec@ietf.org>; Tue, 25 Feb 2014 23:07:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=message-id:from:to:cc:references:subject:date:mime-version
:content-type:content-transfer-encoding;
bh=kk0yO0e//URML6UuCZocFPSc9AFDimPaMuQZNWibDd8=;
b=QRwxhHU6ENMoJ7mKeDD1VVlrsQ4+KZw1kcs8p8bK9wr4yVfvEAbwTAVkKMNwr1Kf0g
quWBnm+c7TTiDN2CxuMQrO+5gjq2gpB3fX4GtrrchXMgpOpg1GNXa6dQdjd0x8drkLiK
sqolWamD+pZa9UtfqaG9wSvXL/dZZ6VmMVADXtQSpI+FgNU3b5kp3EUvt0W32jWZsq+l
ePW7h7JK4Jooesq2WGdIChRCG5I5a5RxeuFHSSD2rCkvGgtOeDKHcV3BIn0VOwddU3kQ
mcPw7vENqviTZiQpDlm7qVehR9op3I8AN5o7E13MLJKlkYaPif1V1UX1oraHjWITaGIF rUcA==
X-Received: by 10.152.205.197 with SMTP id li5mr311599lac.50.1393398421291;
Tue, 25 Feb 2014 23:07:01 -0800 (PST)
Received: from buildpc ([93.188.44.200]) by mx.google.com with ESMTPSA id
10sm3728688lan.5.2014.02.25.23.06.59 for <multiple recipients> (version=TLSv1
cipher=RC4-SHA bits=128/128); Tue, 25 Feb 2014 23:07:00 -0800 (PST)
Message-ID: <C304982FF00F49BCB9A581CF122595FC@buildpc>
From: "Valery Smyslov" <svanru@gmail.com>
To: "Paul Hoffman" <paul.hoffman@vpnc.org>,
"Paul Wouters" <paul@cypherpunks.ca>
References: <530CE583.6030801@gmail.com>
<C1A9B4B9-FABA-4EAB-B325-88DCB3F3D9CB@gmail.com>
<alpine.LFD.2.10.1402251615220.21879@bofh.nohats.ca>
<7722BB5C-67E3-4A26-B767-D31FA122ABFB@vpnc.org>
Date: Wed, 26 Feb 2014 11:07:11 +0400
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5931
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.6157
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/7XfL9k01l7Lhr5x7SykuKKz16HQ
Cc: ipsec <ipsec@ietf.org>
Subject: Re: [IPsec] Working Group Last Call: draft-ietf-ipsecme-esp-ah-reqts
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>,
<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
<mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2014 07:07:05 -0000
Hi Paul, >> It lists NULL ESP as a MUST. Wasn't this a MUST a leftover from the old >> crypto export restrictions? While I think NULL ESP is a good debugging >> tool, and a good replacement for AH in general, I don't think this is >> really a MUST item (unless you would actually advise people to migrate >> from AH to ESP NULL, in which case I'll cheer on this MUST) > > It is for systems that don't implement AH. We should probably say this > explicitly in section 3. I don't think it is limited for those systems only. You may implement AH, but yon cannot use it everywhere, as it is not compatible with NATs. And ESP-NULL with Auth is the only substitute there. So, it must be MUST for any system. Regards, Valery Smyslov.
- [IPsec] Working Group Last Call: draft-ietf-ipsec… Yaron Sheffer
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Yoav Nir
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Hoffman
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Hoffman
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Valery Smyslov
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Yaron Sheffer
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Stephen Kent
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Stephen Kent
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Tero Kivinen
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Valery Smyslov
- Re: [IPsec] Working Group Last Call: draft-ietf-i… RJ Atkinson
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Tero Kivinen
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Valery Smyslov
- Re: [IPsec] Working Group Last Call: draft-ietf-i… RJ Atkinson
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Wouters
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Hoffman
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Paul Hoffman
- Re: [IPsec] Working Group Last Call: draft-ietf-i… Valery Smyslov