Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???

Stephen Kent <kent@bbn.com> Mon, 09 December 2013 15:00 UTC

Message-ID: <52A5DB02.1000709@bbn.com>
Date: Mon, 09 Dec 2013 10:00:18 -0500
From: Stephen Kent <kent@bbn.com>
To: perpass@ietf.org
References: <CAMm+LwijWwanC+KLaSC-Kgq4vP=8in8Juo2Gbd=URh4zVf55nA@mail.gmail.com> <0FE7905C-950F-4030-8A47-37C523FB497A@doubleshotsecurity.com> <95276F1E-2293-41F3-A6E7-7AEF4B22E811@doubleshotsecurity.com> <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com>
In-Reply-To: <CAMm+LwjYUZN6b81=V0dm1y_oW9Y+Px5PHsenbXetMkpY=zq6zw@mail.gmail.com>
Subject: Re: [perpass] NULL Cipher RFC 2410 to HISTORIC ???

Phillip,
> On Mon, Dec 9, 2013 at 12:11 AM, Merike Kaeo
> <merike@doubleshotsecurity.com> wrote:
>
>     And so I reply to myself but got curious and wanted evidence.  I
>     found first references of AH/ESP and NULL in 1996 June IPsec
>     archives.
>     http://www.sandelman.ottawa.on.ca/ipsec/1996/06/msg00030.html
>
>     And while there were some interesting tidbits, the jog for my memory
>     banks was that there was a bunch of discussion on where AH would
>     be used with ESP and whether ESP only would also be relevant.  And
>     while I couldn't find an exact reference to the March 1998 interop
>     testing in North Carolina that showed issues with AH not
>     traversing NATs, I am fairly certain that was the case and why in
>     practice people started using ESP-Null.  (It wasn't in the notes
>     for the follow-up IETF IPsec meeting.)
>
>     Someone else from that time may also be able to chime in.
>
>
> The wording of the RFC does not help. It suggests that the cipher is 
> something of a joke and it states the original requirement came out of 
> a meeting for interop testing.

I like to think of the text in RFC 2410 as delightfully tongue-in-cheek.

Steve