Re: [IPsec] Call for adoption: The NULL Authentication Method in IKEv2 Protocol

Michael Richardson <mcr+ietf@sandelman.ca> Thu, 11 September 2014 15:53 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: ipsec <ipsec@ietf.org>
Date: Thu, 11 Sep 2014 11:53:26 -0400
Archived-At: http://mailarchive.ietf.org/arch/msg/ipsec/sjmKpJ-4cIzI_BZZb1sr4vWzIjU

Tero Kivinen <kivinen@iki.fi> wrote:
    >> This is a call for adopting draft-smyslov-ipsecme-ikev2-null-auth as a
    >> WG document. Please respond to this mail with a Yes or No and a short
    >> rationale, at latest by Friday Sep. 12.

    > I have not really had time to concentrate on this topic yet, but I
    > think this kind of extension would be useful, and I especially think
    > one way authentication would be useful in the IoT contexts. 

I *do* think that no authentication will become useful for some things.

I wonder if we will see protocols where there is a cycle of null-auth IKEv2,
followed by some non-null-auth once the two parties decide that they might
want to do something more interesting.  (I liken this to two dogs sniffing
each other's butts... and then.. well. that might be safe-for-work)

I don't think IoT will be one of the situations.

Adopt the document.

-- 
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-