Re: eliminate AH -- unanimous



-----BEGIN PGP SIGNED MESSAGE-----


>>>>> "William" == William Allen Simpson <wsimpson@greendragon.com> writes:

    William> Based on the responses to this list over the past week,
    William> it appears that the WG is unanimous that AH will be
    William> eliminated as redundant.

  Oh, I knew I should have got my head out of the code and said
something. I do not agree. 

  a) please announce this on the IPv6 groups. How do we authenticate
v6 options is something I want to know. Are there v6 hop-by-hop
options that we need to authenticate?
  AH is currently mandatory for v6, so now the v6 people are going to
have to revise their drafts.

  b) I agree with Bellovin's observations about the futility of
authenticating the things in the base IPv4 header. All that info can
be stored in the SA anyway. 

  c) However, if AH dies in the v4 world, then I'd rather it happened
due to implementation and deployment experience rather than by decree
right now. 

  Finally, I think the US based vendors will be shooting themselves in
the foot here. Fine, that benefits me.

   :!mcr!:            |  Network security programming, currently
   Michael Richardson |     with DataFellows F-Secure IPSec
 WWW: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html <mcr@sandelman.ottawa.on.ca>. PGP key available.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBM47zq6ZpLyXYhL+BAQGRIwL9H/EjXNwa1M4p232ioyOwaefbyWPlgfXu
OCJtfqJrN+mkJBPVWY6Y7K7qVmIQYAy9RT7ZRJHoM/fY3vSXEN/Eo6LHcwfkY0aw
QhPtLNTWUQ8tBgmPq8cB9NgAasEHcWxu
=lJUM
-----END PGP SIGNATURE-----

