
Re: Death to AH? (was: Reasons for AH & ESP )




>>>>> "Steven" == Steven M Bellovin <smb@research.att.com> writes:

    Steven> In message <200006022050.QAA17398@solidum.com>, Michael Richardson writes:

    >> I believe that the decision as to MAY/SHOULD/MUST for IPv6 should be left to
    >> ipngwg.

    Steven> No -- they're not security folks, for the most part.  (There are 
    Steven> certainly exceptions, including Ran Atkinson.)  The decision needs to 
    Steven> be made jointly, based on headers devised by ipngwg and analyzed for 
    Steven> security properties by ipsecwg.

  That's not the point. A new header may require AH. That we can decide in a
number of ways. 

  Right now, it is my understanding that all IPv6 implementations must
implement AH to be compliant, independently of what headers they use. If your
analysis is correct, that there aren't any headers that benefit from AH (and
I believe it to be) then it seems to me that the decision as to whether the
AH feature (alone) is *essential* for IPv6 should be up to ipngwg.

  It seems that you are hedging your bets here, Steven: if you believe that
there may be headers devised by ipngwg that would require AH, then we have
found a use for AH in IPv6. If not, then AH stands as a feature by itself.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows faster<tm>
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
	mailto:mcr@sandelman.ottawa.on.ca	mailto:mcr@solidum.com




  

