[119323] in North American Network Operators' Group
Re: AH is pretty useless and perhaps should be deprecated
daemon@ATHENA.MIT.EDU (Jack Kohn)
Fri Nov 13 21:28:07 2009
In-Reply-To: <C5F8CA90-10BF-4AA9-93AD-7504966F0E00@delong.com>
Date: Sat, 14 Nov 2009 07:57:25 +0530
From: Jack Kohn <kohn.jack@gmail.com>
To: Owen DeLong <owen@delong.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
So who uses AH and why?
Jack
On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong <owen@delong.com> wrote:
> I've never seen anyone use AH vs. ESP. I've always used ESP and so has
> every other IPSEC implementation I've seen anyone do.
>
> Owen
>
> On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
>
>> Hi,
>>
>> Interesting discussion on the utility of Authentication Header (AH) in
>> IPSecME WG.
>>
>> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
>>
>> Post explaining that AH even though protecting the source and
>> destination IP addresses is really not good enough.
>>
>> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
>>
>> What do folks feel? Do they see themselves using AH in the future?
>> IMO, ESP and WESP are good enough and we dont need to support AH any
>> more ..
>>
>> Jack
>
>
