Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard

[Bronislav Kavsan <bkavsan@ire-ma.com>]

Robert Moskowitz wrote:

> Another strong argument for AH was export.  The assumption is that AH will
> always be exportable.  Getting an export license for an ESP implementation
> that only does NULL-ESP might be a little hard.

Neither AH nor NULL-ESP provide data confidentiality - why is the former protocol
less difficult to export than the latter?

> It might be interesting to have discussions at Chicago if AH should remain
> a MUST, but we need some field experience for that decision.

Question: if AH becomes non-MUST - does it mean that SA Bundles (both Transport
Adjacency and Iterative Tunneling) will also become non-MUST? This will result in
significant simplification of IPsec complient implementations.

Slava Kavsan
IRE

---

Follow-Ups:

• Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• From: Ran Atkinson <rja@inet.org>

References:

• RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• From: Robert Moskowitz <rgm-sec@htt-consult.com>

---

• Prev by Date: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by Date: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Prev by thread: RE: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Next by thread: Re: Last Call: Security Architecture for the Internet Protocol to Proposed Standard
• Index(es):
  • Main
  • Thread