[119343] in North American Network Operators' Group


Re: AH is pretty useless and perhaps should be deprecated

daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Mon Nov 16 01:18:34 2009

Date: Mon, 16 Nov 2009 15:17:29 +0900
From: Joel Jaeggli <joelja@bogus.com>
To: Bill Fehring <lists@billfehring.com>
In-Reply-To: <eec2beac0911152129j3b79be1cye5744e40864602fe@mail.gmail.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja@bogus.com> wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
>> OSPFv3?
> 
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?

Header protection... still doesn't provide replay protection, your
mileage may vary

http://tools.ietf.org/html/draft-ietf-opsec-routing-protocols-crypto-issues-02

> RFC4552:
> "In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH."
> 
> -Bill
> 

