Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
Phillip Hallam-Baker <hallam@gmail.com> Mon, 09 December 2013 05:46 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 237431AD8DC for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 21:46:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qqFYwe31mBu3 for <perpass@ietfa.amsl.com>; Sun, 8 Dec 2013 21:46:30 -0800 (PST)
Received: from mail-wi0-x22b.google.com (mail-wi0-x22b.google.com [IPv6:2a00:1450:400c:c05::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 08F9A1AD7C1 for <perpass@ietf.org>; Sun, 8 Dec 2013 21:46:29 -0800 (PST)
Received: by mail-wi0-f171.google.com with SMTP id bz8so3104778wib.16 for <perpass@ietf.org>; Sun, 08 Dec 2013 21:46:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=KZNBn9B1+0vxWEsOGMprrZfAu7rkGq+sbDx9AkGWixI=; b=D124faXml2p7zBwbYNY4lVgPGYvUHQO3SB6nSDAYiDwFF0a+wYRSjKE/0rUzCfIOJd Ade8cMoiNMm6VAj7thPa5LW0Ar5CRGIZeAEEUfOCh8ccQyCg++M+Ou7dZAvk+Ybo3eTJ P+9+Nkvns11ixb8mwFVdbpVAMriDKLakM1PHz43UQM8LzP9cE+YeZDvSt48J+E1EsW2g XyT2VTetRFsg6oWZQgqDJgGdSAR37FIbdb/Q6F37enM/sxwfwo4HGSjNaf9Tcur+UZxu OlKKjoHz/9nstaw1Tfpse1eDrpxmXPWEtCKA5693ti0D0HB3D+1cbYGxIudnzfEQQDm8 6RIA==
MIME-Version: 1.0
X-Received: by 10.194.94.167 with SMTP id dd7mr33276759wjb.43.1386567984806; Sun, 08 Dec 2013 21:46:24 -0800 (PST)
Received: by 10.194.243.136 with HTTP; Sun, 8 Dec 2013 21:46:24 -0800 (PST)
In-Reply-To: <95276F1E-2293-41F3-A6E7-7AEF4B22E811@doubleshotsecurity.com>
References: <CAMm+LwijWwanC+KLaSC-Kgq4vP=8in8Juo2Gbd=URh4zVf55nA@mail.gmail.com> <0FE7905C-950F-4030-8A47-37C523FB497A@doubleshotsecurity.com> <95276F1E-2293-41F3-A6E7-7AEF4B22E811@doubleshotsecurity.com>
Date: Mon, 09 Dec 2013 00:46:24 -0500
Message-ID: <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Merike Kaeo <merike@doubleshotsecurity.com>
Content-Type: multipart/alternative; boundary="047d7bb03c4631004c04ed1384a1"
Cc: perpass <perpass@ietf.org>, Hannes Tschofenig <hannes.tschofenig@gmx.net>, Nicholas Weaver <nweaver@icsi.berkeley.edu>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
Subject: Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 05:46:32 -0000
On Mon, Dec 9, 2013 at 12:11 AM, Merike Kaeo <merike@doubleshotsecurity.com>wrote: > And so I reply to myself but got curious and wanted evidence. I found > first references of AH/ESP and NULL in 1996 June IPsec archives. > http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00030.html > > And while some interesting tidbits, the joggle for my memory banks was > that there was a bunch of discussion on where AH would be used with ESP and > whether ESP only would also be relevant. And while I couldn't find exact > reference to the March 1998 interop testing in North Carolina that showed > issues with AH not traversing NATs I am fairly certain that was the case > and why in practice people starting using ESP-Null. (it wasn't in the > notes for the follow-up IETF IPsec meeting). > > Someone else from that time may also be able to chime in. > The wording of the RFC does not help. It suggests that the cipher is something of a joke and it states the original requirement came out of a meeting for interop testing. I am not sure that authentication only VPN is something that we would see the need for these days. If the base protocol still doesn't do NAT right without a NULL cipher then it is broken. -- Website: http://hallambaker.com/
- [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Merike Kaeo
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Merike Kaeo
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Yoav Nir
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Moriarty, Kathleen
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Yoav Nir
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Michael Richardson
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Stephen Kent
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Michael Richardson
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Moriarty, Kathleen
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Phillip Hallam-Baker
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Paul Wouters
- Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ??? Paul Ferguson