Re: [IPsec] Fw: New Version Notification for draft-smyslov-ipsecme-ikev2-null-auth-00.txt

[Paul Wouters <paul@cypherpunks.ca>]

On Fri, 17 Jan 2014, Valery Smyslov wrote:

>> I don't think this complicates the state machine that much, as it's
>> clearly distinct by the auth type none payload. My preference is for #1.
>
> Thank you for sharing your opinion. I still think that empty
> ID is preferrable, as IMHO it will add less complexity to
> implementation. I'd still like to know more opinions on this.

Sure. Let's hear from others.

> I got your point. But this problem is unrelated to NULL Auth and even
> to OE, IMHO. So I don't think it must be addressed in this draft.

Agreed.

>> By the way, I do prefer the name "auth none" over "auth null". To me,
>> 'null' embodies more of an error condition.
>
> My reasons for selecting this name were the folowing.
> First, we define new Authentication Method in IANA. A method
> is some essence, that defines how authentication has to be done.
> For me "NONE authentication" implies that this essence doesn't
> exist at all, while "NULL authentication" implies that this essence
> (authentication) exists, but performs no real action (is dummy).
> For me is sounds a bit better, as we define an essence in IANA.
> And second, I had a similar example - NULL Encryption Algorithm
> in ESP. For some reason it was named NULL, not NONE,
> so I just decided to follow this tradition.

I figured that was the reason. Although I think in the ESP case
there is an NO-OP encryption with the name NULL. Here I think
we have "no authentication", not an "authentication with null"

> Disclaimer: english is not my native language, so my
> arguments for the naming may look a bit silly.

The same disclaimer applies to me. So I would also like to hear
from others on this issue. Regardless, it is not a big deal for
me.

Paul