[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Last Call for IPSEC




"Patel, Baiju V" writes:
> Here is my analysis of why AH adds no security
> value over ESP with NULL encryption in case of
> IP v4. I do believe that similar story
> exists for IP v6. Therefore, unless one can clearly
> identify the value of using AH over ESP with NULL
> encryption, we MUST not define two standards with are 
> functionally equivalent and yet are different
> (AH is more complex to implement and is
> a layering violation).

I think it really doesn't matter at this point.

Unless you can prove that AH is actually insecure, we've been at this
too long not to progress the documents. We can easily reconsider the
situation before we progress to draft. There is a reason we have two
stages before full standardization.

Perry


References: