Re: Death to AH? (was: Reasons for AH & ESP )
Bob> From: Robert Moskowitz [mailto:rgm-sec@htt-consult.com]
Bob> I am all for a rough consensus that will change the IPsec/IKE standards to
Bob> list AH as a Historical protocol that should not be implemented anymore.
I concur that the value of AH is dubious at present. But the present
consists of people deploying VPNs.
I believe that the value of AH has yet to appear. The simplest value of it
over ESP-NULL is that one knows that the packet isn't encrypted, and
therefore it can be audited. I am therefore strongly opposed to it moving to
historical status.
I believe that having it as MAY is reasonable for IPv4.
I believe that the decision as to MAY/SHOULD/MUST for IPv6 should be left to ipngwg.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson |For a better connected world,where data flows faster<tm>
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
mailto:mcr@sandelman.ottawa.on.ca mailto:mcr@solidum.com
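
Added example (not part of the original message): a Python sketch of the audit argument above, showing what an on-path observer holding no SA keys or state can read from an AH packet versus an ESP packet. The packets, addresses, SPIs, zeroed ICVs and the `ipv4` and `audit` helper names are constructed for illustration.

```python
import struct

AH, ESP, TCP = 51, 50, 6  # IANA IP protocol numbers

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 header (checksum left zero) around payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def audit(packet: bytes) -> dict:
    """Report what an observer without SA state can learn from one packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == AH:
        # AH: Next Header, Payload Len (32-bit words minus 2), reserved,
        # SPI, sequence number, then the ICV. Everything is in the clear.
        next_hdr, plen, _, spi, _seq = struct.unpack("!BBHII", body[:12])
        inner = body[(plen + 2) * 4:]
        info = {"proto": "AH", "spi": spi, "cleartext": True, "inner_proto": next_hdr}
        if next_hdr == TCP and len(inner) >= 4:
            info["sport"], info["dport"] = struct.unpack("!HH", inner[:4])
        return info
    if proto == ESP:
        # ESP: only SPI and sequence number are at a fixed cleartext offset.
        # Next Header sits in the trailer, before an ICV whose length depends
        # on the SA, so NULL encryption cannot be told apart from the header.
        spi, _seq = struct.unpack("!II", body[:8])
        return {"proto": "ESP", "spi": spi, "cleartext": None, "inner_proto": None}
    return {"proto": proto, "cleartext": True, "inner_proto": proto}

# Constructed sample traffic: one TCP SYN (port 40000 -> 80) carried three ways.
tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 8192, 0, 0)
icv = bytes(12)  # placeholder 96-bit ICV, not a real MAC
ah_pkt = ipv4(AH, struct.pack("!BBHII", TCP, 4, 0, 0x1001, 1) + icv + tcp)
# ESP-NULL: payload, 2 bytes of padding, Pad Length, Next Header, ICV
esp_null_pkt = ipv4(ESP, struct.pack("!II", 0x2001, 1) + tcp + bytes([1, 2, 2, TCP]) + icv)
# Stand-in for an encrypted ESP payload (arbitrary bytes, not real ciphertext)
esp_enc_pkt = ipv4(ESP, struct.pack("!II", 0x2002, 1) + bytes(range(7, 43)))

if __name__ == "__main__":
    for name, pkt in [("AH", ah_pkt), ("ESP-NULL", esp_null_pkt), ("ESP", esp_enc_pkt)]:
        print(name, audit(pkt))
```
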