
Re: Deprecation of AH header from the IPSEC tool kit




>>>>> "Michael" == Michael Thomas <mat@cisco.com> writes:
    Michael> Michael Richardson writes:
    >> There is no reduction in complexity if you create an ESP that covers
    >> the headers. The question is more simply: rm rfc2402.txt
    >> 
    >> or not.

    Michael> [cutting to the chase]

    Michael> If the end result is an AH'less v4 but MUST AH in v6, with
    Michael> oodles of v4 implementations which already support v4 AH, I'm
    Michael> not sure that there is a whole lot of motivation to deprecate it just
    Michael> for v4. You can just not run AH, after all.

  At present, you can't say that you are "IPsec IPv4 compliant" if you don't
have IPv4. At least, that is what the marketing people have been led to
believe, and the customers, and those you have a lot of "checkbox-compliant"
IPv4 AH implementations.
  I feel for these people, which is why I suggest that AH be moved to
"MAY" for IPv4, but not deprecated.

  I also don't want to lose AH.

    Michael> Are folks over here aware that the cellular folks are requiring
    Michael> ipv6 in next gen handsets, and all that implies for security?
    Michael> This issue is not entirely academic anymore.

  Indeed!!!

   :!mcr!:            |  Solidum Systems Corporation, http://www.solidum.com
   Michael Richardson |For a better connected world,where data flows faster<tm>
 Personal: http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html
	mailto:mcr@sandelman.ottawa.on.ca	mailto:mcr@solidum.com





