[119326] in North American Network Operators' Group
Re: AH is pretty useless and perhaps should be deprecated
daemon@ATHENA.MIT.EDU (Luca Tosolini)
Sat Nov 14 02:38:13 2009
From: Luca Tosolini <bit.gossip@chello.nl>
To: nanog@nanog.org
In-Reply-To: <dc8fd0140911131827w2da9b179w9d4fef98c6b3f0e0@mail.gmail.com>
Date: Sat, 14 Nov 2009 08:37:26 +0100
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Junos VRRP with md5 authentication does.....
On Sat, 2009-11-14 at 07:57 +0530, Jack Kohn wrote:
> So who uses AH and why?
>
> Jack
>
> On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong <owen@delong.com> wrote:
> > I've never seen anyone use AH vs. ESP. I've always used ESP and so has
> > every other IPSEC implementation I've seen anyone do.
> >
> > Owen
> >
> > On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
> >
> >> Hi,
> >>
> >> Interesting discussion on the utility of Authentication Header (AH) in
> >> IPSecME WG.
> >>
> >> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
> >>
> >> Post explaining that AH even though protecting the source and
> >> destination IP addresses is really not good enough.
> >>
> >> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
> >>
> >> What do folks feel? Do they see themselves using AH in the future?
> >> IMO, ESP and WESP are good enough and we dont need to support AH any
> >> more ..
> >>
> >> Jack
> >
> >
>
