[119332] in North American Network Operators' Group
Re: AH is pretty useless and perhaps should be deprecated
daemon@ATHENA.MIT.EDU (David Barak)
Sat Nov 14 20:29:00 2009
Date: Sat, 14 Nov 2009 17:28:20 -0800 (PST)
From: David Barak <thegameiam@yahoo.com>
To: Steven Bellovin <smb@cs.columbia.edu>,
	Adam Stasiniewicz <stasinia@msoe.edu>
In-Reply-To: <DFE00B9F-72AD-4A51-ADFB-22B2E7B4114D@cs.columbia.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I've seen AH used as a "prove that this hasn't been through a NAT" mechanism. In this context, it's pretty much perfect.

However, what I don't understand is where the dislike for it originates: if you don't like it, don't run it. It is useful in certain cases, and it's already in all of the production IPSec implementations. Why the hate?

David Barak
Need Geek Rock? Try The Franchise:
http://www.listentothefranchise.com