Stephen Farrell <stephen.farrell@xxxxxxxxx> wrote:
> That does not make no-encryption a form of encryption.

Agreed, but just to give an example of how ESP-NULL can *enable* encryption....

One of the potential outcomes of some non-authenticated OS systems might be that enterprise border systems might be more willing to let various kinds of "secured" traffic through, such as permitting end-to-end IPsec using ESP-NULL, as those border systems can now both:
a) audit the inner traffic,
b) opportunistically then encrypt between borders,
and maybe (c) encrypt between end system and borders.

This is a mechanism that I wanted to standardize back in 1996 at my first IETF meeting... when IPsec impacted against "authenticated firewall traversal" ideas...

(I think we are boiling the ocean on this document. Publish it)

--
Michael Richardson <mcr+IETF@xxxxxxxxxxxx>, Sandelman Software Works
-= IPv6 IoT consulting =-