[119324] in North American Network Operators' Group
Re: AH is pretty useless and perhaps should be deprecated
daemon@ATHENA.MIT.EDU (sfouant@shortestpathfirst.net)
Fri Nov 13 22:08:31 2009
To: "Jack Kohn" <kohn.jack@gmail.com>, nanog@nanog.org
From: sfouant@shortestpathfirst.net
Date: Sat, 14 Nov 2009 03:09:18 +0000
Reply-To: sfouant@shortestpathfirst.net
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I've seen some vendor implementations in which ESP actually outperformed AH during performance testing... go figure...
Stefan Fouant
------Original Message------
From: Jack Kohn
To: nanog@nanog.org
Subject: AH is pretty useless and perhaps should be deprecated
Sent: Nov 13, 2009 7:22 PM
Hi,
Interesting discussion on the utility of Authentication Header (AH) in
IPSecME WG.
http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
Post explaining that AH even though protecting the source and
destination IP addresses is really not good enough.
http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
What do folks feel? Do they see themselves using AH in the future?
IMO, ESP and WESP are good enough and we dont need to support AH any
more ..
Jack
Sent from my Verizon Wireless BlackBerry
