[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Deprecation of AH header from the IPSEC tool kit
>>>>> "itojun" == itojun <itojun@iijlab.net> writes:
>> Assume that Steve Bellovin has ocnvinced everyone that all current
>> IPv6 extension headers to not benefit from AH, or carry information
>> that could be independantly verified from info stored in the
>> SA-table. (e.g. legitimate source addresses, pointers to
>> PCBs). i.e. there is no current reason to have AH vs ESP in IPv6.
itojun> the observation is incorrect. there are extension headers that
itojun> require protection from AH: mobile-ip6 headers like binding
itojun> update.
Yes, I know.
ipngwg could say, "mobile-ip6 is not important enough to mandate AH
in all IPv6 end-nodes. If they want to support mobile-ip6, they'll
need to do AH."
But that would be up to ipngwg to say that.
:!mcr!: | Solidum Systems Corporation, http://www.solidum.com
Michael Richardson |For a better connected world,where data flows faster<tm>
Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
mailto:mcr@sandelman.ottawa.on.ca mailto:mcr@solidum.com
Follow-Ups:
References: