I've already asked co-chairs for a slot to present null-auth
in a private e-mail.

Great :)

We should probably add a comment about rekeying. If the responder
becomes the initiator, it might run into issues. Possibly an entity
that did not authenticate the peer should not initiate a rekey.

Rekeying or reauthentication? I don't think rekeying might
cause a problem as it doesn't include any authentication.
Or do you refer to some different issue?

There is also the case where A uses null auth to an authenticated B,
and B then gets independently triggered to setup a null auth connection
to A. We haven't fully figured out how to deal with this other than
"if we see our own IPSECKEY record, don't initiate null auth", but I'm
not sure if that covers everyone's use case.

I think it is more relevant to a specific use case than
to the method itself. Some text could be added that if an entity is
authenticated using some mechanism other than NULL, then NULL SHOULD NOT
be used for the same entity.

Paul
ps. I also still prefer AUTH_NONE over "NULL AUTH", as to me NULL looks
more like an error while "none" conveys intent.

I remember it. However I'm still waiting for others' opinions on this.
Naming is not a problem.
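The two policy points raised in this exchange (do not start a NULL-authenticated SA toward a peer that has already authenticated to us with a real method, and only the side that actually authenticated its peer should initiate re-authentication, plain rekeying being unaffected) can be written down as a local policy check. This is an added illustration, not code from the draft or from any list participant; the SA record shape, the function names and the sample SA table are all assumptions.

```python
from dataclasses import dataclass
from typing import Iterable

NULL = "NULL"  # label for the null authentication method (constructed)


@dataclass(frozen=True)
class IkeSaRecord:
    """One established IKE SA as seen by the local node (assumed shape)."""
    peer_id: str
    local_auth: str   # how we authenticated to the peer, e.g. "RSA", "PSK", NULL
    peer_auth: str    # how the peer authenticated to us
    we_initiated: bool


def may_initiate_null_auth(peer_id: str, existing: Iterable[IkeSaRecord]) -> bool:
    """If the peer already proved its identity to us with a non-NULL method,
    refuse to open a NULL-authenticated SA toward the same identity."""
    return not any(sa.peer_id == peer_id and sa.peer_auth != NULL
                   for sa in existing)


def may_initiate_reauth(sa: IkeSaRecord) -> bool:
    """Re-authentication repeats IKE_AUTH, so only a side that actually
    authenticated its peer gains anything by starting it. A side that
    accepted NULL from the peer has nothing to re-verify. Rekeying proper
    carries no authentication and needs no such check."""
    return sa.peer_auth != NULL


# Constructed SA table for the three situations discussed in the thread.
SAMPLE_SAS = [
    IkeSaRecord("gw.example.net", local_auth="RSA", peer_auth="RSA", we_initiated=False),
    IkeSaRecord("anon-host-1", local_auth=NULL, peer_auth=NULL, we_initiated=True),
    # "A uses null auth to an authenticated B": we are B here.
    IkeSaRecord("client-42", local_auth="RSA", peer_auth=NULL, we_initiated=False),
]


def policy_report(sas: list) -> dict:
    """Map each known peer to (may start NULL auth toward it, may re-authenticate)."""
    return {sa.peer_id: (may_initiate_null_auth(sa.peer_id, sas), may_initiate_reauth(sa))
            for sa in sas}


if __name__ == "__main__":
    for peer, (null_ok, reauth_ok) in policy_report(SAMPLE_SAS).items():
        print(f"{peer:16} initiate NULL auth: {null_ok!s:5} initiate reauth: {reauth_ok}")
```

Note that the rule does not forbid B from opening a NULL SA back to client-42, which is exactly the unresolved case raised above.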

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
