Paul Hoffman writes:
> I'm pretty sure others have read this the other way: you must give a
> transform of "none".

I do not see any point why I should send none, when it is better to just leave it out; this is what you normally do for ESP when you use combined mode ciphers. Leaving it out makes packets smaller...

The problem is that in IKEv2 you are explicitly FORBIDDEN from using an integrity algorithm of NONE:

   5. Security Considerations
   ...
   choices in this protocol, see [SIGMA] and [SKEME]. Though the
   security of negotiated CHILD_SAs does not depend on the strength of
   the encryption and integrity protection negotiated in the IKE_SA,
   implementations MUST NOT negotiate NONE as the IKE integrity
   protection algorithm or ENCR_NULL as the IKE encryption algorithm.

And someone might interpret that there cannot be an integrity algorithm of NONE in any proposal for an IKEv2 SA (in a sense there is no separate IKE integrity protection algorithm at all, but integrity protection is provided by the encryption algorithm).

> Are people OK with wording that says "MUST either offer an integrity
> algorithm or a single integrity algorithm of 'none'"?

If you add "no" somewhere there (i.e. MUST either offer no integrity algorithm...) then I can accept it.

> I still don't think NONE is not allowed, but I want to hear from
> others. If no one implemented sending 'none', I'm happy to remove
> it, but I don't want to break anyone's implementation.

We do not support combined modes for IKEv2 SA yet (only for ESP, and in ESP we do not send the integrity algorithm at all, but we do accept the other end's proposal if they send none).

-- 
kivi...@iki.fi
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
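The following is an added example, not code from this thread or from any IKE implementation. It models the proposal check the discussion is about: when the encryption transform is a combined-mode (AEAD) cipher, a proposal must either carry no integrity transform or a single integrity transform of NONE (the wording the poster says he can accept), and for the IKE SA itself RFC 7296 section 5 forbids negotiating NONE integrity or ENCR_NULL encryption. The check accepts both the "omit INTEG" form the poster sends for ESP and the "INTEG = NONE" form he accepts from peers. Transform names are the IANA IKEv2 registry names; the dict-of-lists proposal shape, the function names and the decision to reject proposals mixing AEAD and non-AEAD ciphers are assumptions made for this example.

```python
"""Check an IKEv2 SA or ESP proposal against the combined-mode integrity rule.

Added example, not code from the mailing-list thread or any IKE implementation.
Only the ENCR and INTEG transform types are examined; PRF and D-H are ignored.
"""
from typing import Dict, List

# Combined-mode (AEAD) encryption transforms, by IANA IKEv2 registry name.
AEAD_ENCR = frozenset({
    "ENCR_AES_CCM_8", "ENCR_AES_CCM_12", "ENCR_AES_CCM_16",
    "ENCR_AES_GCM_8", "ENCR_AES_GCM_12", "ENCR_AES_GCM_16",
    "ENCR_CHACHA20_POLY1305",
})

# Assumed representation for this example: transform type -> list of transform names.
Proposal = Dict[str, List[str]]


def is_combined_mode(encr: str) -> bool:
    """True if the encryption transform provides its own integrity protection."""
    return encr in AEAD_ENCR


def check_proposal(protocol: str, proposal: Proposal) -> List[str]:
    """Return the list of rule violations; an empty list means the proposal is acceptable.

    protocol is "IKE" for the IKE SA itself or "ESP" for a CHILD_SA.
    """
    problems: List[str] = []
    encrs = proposal.get("ENCR", [])
    integs = proposal.get("INTEG", [])

    if not encrs:
        return ["no ENCR transform offered"]

    if protocol == "IKE" and "ENCR_NULL" in encrs:
        problems.append("IKE SA MUST NOT negotiate ENCR_NULL (RFC 7296 section 5)")

    all_aead = all(is_combined_mode(e) for e in encrs)
    no_aead = not any(is_combined_mode(e) for e in encrs)

    if all_aead:
        # Proposed wording: either no INTEG transform at all (smaller packet, the
        # form the poster sends for ESP) or exactly one INTEG transform of NONE
        # (the form he accepts from peers). Anything else is a violation.
        if integs and integs != ["NONE"]:
            problems.append(
                f"combined-mode cipher offered with integrity transforms {integs}; "
                "MUST offer no integrity algorithm or a single NONE")
    elif no_aead:
        # A non-combined cipher needs a real integrity algorithm next to it.
        if not [i for i in integs if i != "NONE"]:
            problems.append(
                "non-combined-mode cipher offered without an integrity algorithm")
        # Section 5 of RFC 7296 is read here as applying to this case: for the
        # IKE SA a bare NONE integrity algorithm must not even be offered.
        if protocol == "IKE" and "NONE" in integs:
            problems.append("IKE SA MUST NOT negotiate NONE integrity (RFC 7296 section 5)")
    else:
        # This example's simplification: one INTEG list cannot satisfy both rules
        # above, so a proposal mixing AEAD and non-AEAD ciphers is rejected.
        problems.append("proposal mixes combined-mode and non-combined-mode ciphers")

    return problems


# Constructed sample proposals covering the cases raised in the thread.
SAMPLES = {
    "esp_gcm_no_integ":  ("ESP", {"ENCR": ["ENCR_AES_GCM_16"]}),
    "esp_gcm_integ_none": ("ESP", {"ENCR": ["ENCR_AES_GCM_16"], "INTEG": ["NONE"]}),
    "ike_gcm_with_hmac": ("IKE", {"ENCR": ["ENCR_AES_GCM_16"],
                                  "INTEG": ["AUTH_HMAC_SHA2_256_128"]}),
    "ike_cbc_integ_none": ("IKE", {"ENCR": ["ENCR_AES_CBC"], "INTEG": ["NONE"]}),
    "ike_null_encr":     ("IKE", {"ENCR": ["ENCR_NULL"], "INTEG": ["AUTH_HMAC_SHA1_96"]}),
    "esp_null_encr":     ("ESP", {"ENCR": ["ENCR_NULL"], "INTEG": ["AUTH_HMAC_SHA1_96"]}),
}


def main() -> None:
    for name, (protocol, proposal) in SAMPLES.items():
        problems = check_proposal(protocol, proposal)
        print(f"{name}: {'OK' if not problems else problems}")


if __name__ == "__main__":
    main()
```

Running the block prints one line per sample: the two ESP/GCM forms and ESP with ENCR_NULL plus HMAC pass, while GCM with a real integrity transform, CBC with only NONE for the IKE SA, and ENCR_NULL for the IKE SA are each reported with the specific rule they break.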