Manav, On Thu, Jul 23, 2020 at 08:19:26PM +0530, Manav Bhatia wrote: > I am sorry I dont understand this point. > > I would like to stick to NULL because it's less prone to > implementation/inter-op bugs where you dont need to keep changing the kind > of auth you use depending upon where you are in your finite state machine > (FSM). And moreover, doing an AUTH adds no security to the protocol.
The premise of the draft is that more expensive ciphers are expensive AT RATE AND SCALE. Init and Down sessions are 1pps. The rate portion of the argument is no longer a point of concern. I agree that it adds no additional security per our analysis. However, I expect this dialog to happen with the security ADs. Their typical answer is "if you could secure it, you should". If they don't start this conversation, we're done. :-) -- Jeff
