Nico:
Use of the NULL ESP algorithm implies no confidentiality protection, while use of the NULL AH algorithm implies no integrity protection (unless combined mode ESP algorithms are used). And in general we want IPsec used to provide integrity or confidentiality+integrity protection, but not really just confidentiality protection.
I generally agree with your point. Integrity protection is important, but I am not sure that this is the document to drive this point. We have seen NULL encryption and NULL integrity algorithms are very useful for debugging.
Russ _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf