[Cryptography] Two quick questions about IPsec AH
Paul Wouters
paul at nohats.ca
Fri Jan 14 15:43:03 EST 2022
On Tue, 11 Jan 2022, William Allen Simpson wrote:
> Of course, security folks knew that was a requirement. Assigning a
> globally routable address to every [lightbulb, toaster, TV] is a
> terrible idea. My lightbulbs should not be talking outside the house.
But this requires an implicit rule of "but you can access your house
remotely" which is not true for most people and resulted in every
toaster being a minion device of some service provider asking you for
monthly fees to reach your own toaster.
>> ENCR_NULL is not only for testing, it is also in situations where you
>> do not want to do encryption (for example if traffic is already
>> encrypted, so there is no point of encrypting it second time), but do
>> want to do integrity and authentication checking.
>>
>> Because of this reason the ENCR_NULL is still MUST for ESP in the
>> RFC8221.
>
> IMnsHO, NULL encryption is evil, and should never have been allowed in the
> specification -- even for testing. For me, that was the last straw.
It is useful for testing, and at least with IKE/IPsec, no one has
accidentally used null encryption. No implementations have added it to
the default allow list of proposals. So in practise, it is not allowed.
> There's nothing wrong with multiple layers of encryption. I encourage it.
These days I agree it is mostly harmless. Back in the 90s, we just
didn't have the compute resources to allow double encryption.
Paul
More information about the cryptography
mailing list