[119321] in North American Network Operators' Group

Re: AH is pretty useless and perhaps should be deprecated

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri Nov 13 19:51:50 2009

From: Owen DeLong <owen@delong.com>
In-Reply-To: <dc8fd0140911131622n38af24f6je4bc4c0b8b7ad9d9@mail.gmail.com>
Date: Fri, 13 Nov 2009 16:49:40 -0800
To: Jack Kohn <kohn.jack@gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

I've never seen anyone use AH vs. ESP.  I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.

Owen

On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:

> Hi,
>
> Interesting discussion on the utility of Authentication Header (AH) in
> IPSecME WG.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
>
> Post explaining that AH, even though protecting the source and
> destination IP addresses, is really not good enough.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
>
> What do folks feel? Do they see themselves using AH in the future?
> IMO, ESP and WESP are good enough and we don't need to support AH any
> more ..
>
> Jack


