PROPOSED STANDARD

Errata Exist

Network Working Group R. Glenn Request for Comments: 2410 NIST Category: Standards Track S. Kent BBN Corp November 1998 The NULL Encryption Algorithm and Its Use With IPsec Status of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (1998). All Rights Reserved. Abstract This memo defines the NULL encryption algorithm and its use with the IPsec Encapsulating Security Payload (ESP). NULL does nothing to alter plaintext data. In fact, NULL, by itself, does nothing. NULL provides the means for ESP to provide authentication and integrity without confidentiality. Further information on the other components necessary for ESP implementations is provided by [ESP] and [ROAD]. 1 . Introduction ESP] to provide authentication and integrity without confidentiality. NULL is a block cipher the origins of which appear to be lost in antiquity. Despite rumors that the National Security Agency suppressed publication of this algorithm, there is no evidence of such action on their part. Rather, recent archaeological evidence suggests that the NULL algorithm was developed in Roman times, as an exportable alternative to Ceaser ciphers. However, because Roman numerals lack a symbol for zero, written records of the algorithm's development were lost to historians for over two millennia. Glenn & Kent Standards Track [Page 1]

RFC 2410 NULL and IPsec November 1998 ESP] specifies the use of an optional encryption algorithm to provide confidentiality and the use of an optional authentication algorithm to provide authentication and integrity. The NULL encryption algorithm is a convenient way to represent the option of not applying encryption. This is referred to as ESP_NULL in [DOI]. The IPsec Authentication Header [AH] specification provides a similar service, by computing authentication data which covers the data portion of a packet as well as the immutable in transit portions of the IP header. ESP_NULL does not include the IP header in calculating the authentication data. This can be useful in providing IPsec services through non-IP network devices. The discussion on how ESP_NULL might be used with non-IP network devices is outside the scope of this document. In this memo, NULL is used within the context of ESP. For further information on how the various pieces of ESP fit together to provide security services, refer to [ESP] and [ROAD]. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC 2119]. 2 . Algorithm Definition 2.1 Keying Material RFC-2040], the NULL encryption algorithm can make use of keys of varying lengths. However, no measurable increase in security is afforded by the use of longer key lengths. 2.2 Cryptographic Synchronization Glenn & Kent Standards Track [Page 2]

RFC 2410 NULL and IPsec November 1998 2.3 Padding 2.4 . Performance 2.5 Test Vectors 3 . ESP_NULL Operational Requirements IKE] key extraction, the key size for this algorithm MUST be zero (0) bits, to facilitate interoperability and to avoid any potential export control problems. To facilitate interoperability, the IV size for this algorithm MUST be zero (0) bits. Padding MAY be included on outgoing packets as specified in [ESP]. 4 . Security Considerations Glenn & Kent Standards Track [Page 3]

RFC 2410 NULL and IPsec November 1998 ESP], while the use of encryption algorithms and authentication algorithms are optional in ESP, it is imperative that an ESP SA specifies the use of at least one cryptographically strong encryption algorithm or one cryptographically strong authentication algorithm or one of each. At the time of this writing there are no known laws preventing the exportation of NULL with a zero (0) bit key length. 5 . Intellectual Property Rights RFC-2026], the authors represent that they have disclosed the existence of any proprietary or intellectual property rights in the contribution that are reasonably and personally known to the authors. The authors do not represent that they personally know of all potentially pertinent proprietary and intellectual property rights owned or claimed by the organizations they represent or third parties. 6 . Acknowledgments 7 . References ESP] Kent, S., and R. Atkinson, "IP Encapsulating Security Payload", RFC 2406, November 1998. [AH] Kent, S., and R. Atkinson, "IP Authentication Header", RFC 2402, November 1998. [ROAD] Thayer, R., Doraswamy, N., and R. Glenn, "IP Security Document Roadmap", RFC 2411, November 1998. [DOI] Piper, D., "The Internet IP Security Domain of Interpretation for ISAKMP", RFC 2408, November 1998. Glenn & Kent Standards Track [Page 4]

RFC 2410 NULL and IPsec November 1998 7 . Full Copyright Statement