[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Deprecation of AH header from the IPSEC tool kit




>>>>> "itojun" == itojun  <itojun@iijlab.net> writes:
    >> Assume that Steve Bellovin has ocnvinced everyone that all current
    >> IPv6 extension headers to not benefit from AH, or carry information
    >> that could be independantly verified from info stored in the
    >> SA-table. (e.g. legitimate source addresses, pointers to
    >> PCBs). i.e. there is no current reason to have AH vs ESP in IPv6.

    itojun> the observation is incorrect.  there are extension headers that
    itojun> require protection from AH: mobile-ip6 headers like binding
    itojun> update.

  Yes, I know.

  ipngwg could say, "mobile-ip6 is not important enough to mandate AH
in all IPv6 end-nodes. If they want to support mobile-ip6, they'll
need to do AH."

  But that would be up to ipngwg to say that.

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows faster<tm>
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
	mailto:mcr@sandelman.ottawa.on.ca	mailto:mcr@solidum.com


  

  


Follow-Ups: References: