
Re: Deprecation of AH header from the IPSEC tool kit



Paul Koning writes:
 > It's never been the point of any of this discussion to deprecate the
 > notion that authentication is useful -- the issue is whether it makes
 > sense to retain AH when ESP does the job with significantly less
 > hassle.

   What keeps nagging at me is the overhead of both AH
   and ESP, not to mention the added complexity.

   This might be water well under the bridge, but has
   the thought of having a mode to ESP which protects the 
   outer headers been considered? I know that's contrary to the 
   "encapsulating" part, but if we want to converge
   on one crypto header, it seems to me that placing
   an artificial restriction that outside headers can
   never be protected is pretty arbitrary and wrongheaded
   (even though I'm persuaded by Steve Bellovin's arguments
   about v4 headers).

	    Mike

