> > > BTW, insider threats are on the rise according to various public
> > > reports, so should not be discounted. This is one of the motivations
> > > of employing security, even within the Enterprise.
> >
> > Yes, but I do not really think people are going to solve those using
> > ESP-NULL. I think they must move to encrypted ESP to provide
> > confidentiality also, and that makes the need for ESP-NULL visibility
> > even less.

I disagree. With AH as a MAY and ESP as MUST in IPSec, most vendors will
implement ESP (besides the problem of AH being NAT unfriendly). All
applications (OSPFv3, RIPng, etc.), and there are many, which don't care
about confidentiality, but are only concerned with authentication and
integrity assurance, will continue using ESP-NULL. Thus there is a need
for ESP-NULL visibility.

Cheers, Manav

> > For example most of the insider information (insider trading, leaking
> > trade secrets, espionage) problems cannot be solved by using ESP-NULL.
> >
> > > [Ken] Perhaps there is a migration path consideration, where
> > > heuristics can offer interim benefits until a more deterministic
> > > solution is adopted. Adoption of either / both / neither will be
> > > ultimately based on numerous factors, including value, customer
> > > demand, etc.
> >
> > This I agree and I have even tried to bring this up in my draft (see
> > last paragraph in the introduction section).
> --

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
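The thread contrasts ESP-NULL visibility with encrypted ESP and mentions heuristic detection as an interim approach. The following is an added example, written for this page and not code from any of the participants or from the draft under discussion: a small Python classifier that parses an ESP packet (RFC 4303 layout: SPI, sequence number, payload, padding, pad length, next header, ICV) and guesses whether it is ESP-NULL (RFC 2410) by checking the default 1,2,3,... padding pattern, a plausible Next Header value, and a sanity check on the exposed inner header. It assumes the ICV length is one of 12, 16 or 32 bytes (HMAC-SHA1-96, a 128-bit truncation, a 256-bit truncation) and tries each in turn; the sample packets (an OSPFv3 header, an IPv4/UDP datagram, and a pseudo-random "ciphertext" body) are constructed inline and the ICV is a zero placeholder, since only the trailer and inner-header structure matter to the heuristic.

```python
import struct

# Constructed example: heuristic ESP-NULL vs encrypted-ESP classification.
# Assumptions (not from the thread): candidate ICV lengths and the set of
# Next Header values a middlebox would consider plausible (IANA protocol numbers).
ICV_CANDIDATES = (12, 16, 32)
PLAUSIBLE_NEXT_HEADERS = {4: "IPv4", 6: "TCP", 17: "UDP", 41: "IPv6", 58: "ICMPv6", 89: "OSPF"}


def build_esp_null(spi, seq, inner, next_header, icv_len=12):
    """Build a constructed ESP-NULL packet: no IV, no encryption, placeholder ICV."""
    pad_len = (-(len(inner) + 2)) % 4          # payload + pad + trailer aligned to 4 bytes
    padding = bytes(range(1, pad_len + 1))     # RFC 4303 default padding pattern 1,2,3,...
    trailer = bytes([pad_len, next_header])
    icv = b"\x00" * icv_len                    # placeholder; a real ICV is an HMAC/GMAC tag
    return struct.pack("!II", spi, seq) + inner + padding + trailer + icv


def _inner_plausible(next_header, inner):
    """Cheap sanity checks on the exposed inner header for the claimed Next Header."""
    if next_header == 4:    # tunnel mode, inner IPv4: version 4, IHL >= 5, total length matches
        return (len(inner) >= 20 and inner[0] >> 4 == 4 and (inner[0] & 0x0F) >= 5
                and struct.unpack("!H", inner[2:4])[0] == len(inner))
    if next_header == 41:   # tunnel mode, inner IPv6: version 6, payload length matches
        return (len(inner) >= 40 and inner[0] >> 4 == 6
                and struct.unpack("!H", inner[4:6])[0] == len(inner) - 40)
    if next_header == 6:    # transport mode TCP: data offset >= 5
        return len(inner) >= 20 and (inner[12] >> 4) >= 5
    if next_header == 17:   # transport mode UDP: length field matches
        return len(inner) >= 8 and struct.unpack("!H", inner[4:6])[0] == len(inner)
    if next_header == 89:   # transport mode OSPFv3: version 3, packet length matches
        return len(inner) >= 16 and inner[0] == 3 and struct.unpack("!H", inner[2:4])[0] == len(inner)
    return True


def classify_esp(esp):
    """Return ("esp-null", icv_len, next_header) when the trailer and inner header look
    like ESP-NULL for some candidate ICV length, else ("encrypted-or-unknown", None, None)."""
    if len(esp) < 8:
        return ("malformed", None, None)
    for icv_len in ICV_CANDIDATES:
        body = esp[8:len(esp) - icv_len]       # strip SPI/seq in front and the ICV at the end
        if len(body) < 2:
            continue
        pad_len, next_header = body[-2], body[-1]
        if next_header not in PLAUSIBLE_NEXT_HEADERS:
            continue
        if pad_len > len(body) - 2:
            continue
        padding = body[len(body) - 2 - pad_len:len(body) - 2]
        if padding != bytes(range(1, pad_len + 1)):
            continue                           # encrypted trailers rarely show 1,2,3,...
        inner = body[:len(body) - 2 - pad_len]
        if _inner_plausible(next_header, inner):
            return ("esp-null", icv_len, next_header)
    return ("encrypted-or-unknown", None, None)


# Constructed sample 1: OSPFv3 packet header (16 bytes), ESP transport mode, HMAC-SHA1-96.
OSPFV3_HDR = (b"\x03\x01\x00\x10" + b"\x0a\x00\x00\x01" + b"\x00\x00\x00\x00"
              + b"\x00\x00" + b"\x00" + b"\x00")
ESP_OSPF = build_esp_null(0x1000, 1, OSPFV3_HDR, 89, icv_len=12)

# Constructed sample 2: IPv4/UDP datagram in ESP tunnel mode with a 16-byte ICV.
IPV4_UDP = (bytes([0x45, 0, 0, 28]) + b"\x00\x00\x00\x00\x40\x11\x00\x00"
            + b"\x0a\x00\x00\x02" + b"\x0a\x00\x00\x03" + struct.pack("!HHHH", 520, 520, 8, 0))
ESP_TUNNEL = build_esp_null(0x2000, 7, IPV4_UDP, 4, icv_len=16)

# Constructed sample 3: encrypted ESP stand-in; deterministic pseudo-random body, no structure.
CIPHERTEXT = bytes((i * 37 + 11) & 0xFF for i in range(64))
ESP_ENCRYPTED = struct.pack("!II", 0x3000, 42) + CIPHERTEXT

if __name__ == "__main__":
    for name, pkt in (("ospfv3", ESP_OSPF), ("tunnel", ESP_TUNNEL), ("encrypted", ESP_ENCRYPTED)):
        print(name, classify_esp(pkt))
```

The classifier is deliberately probabilistic: a random ciphertext trailer can pass these checks by chance, and a non-default padding pattern makes genuine ESP-NULL traffic fail them, which is why such heuristics are an interim visibility aid rather than a substitute for a deterministic signal from the endpoints.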