Re: Deprecation of AH header from the IPSEC tool kit

[Paul Krumviede <paul@mci.net>]

--On Thursday, 15 June, 2000 17:37 -0700 Michael Thomas <mat@cisco.com> 
wrote:

> RJ Atkinson writes:
>  > The real issue here is that VPN Product vendors currently dominate
>  > the IPsec WG.  VPN vendors don't want to support AH and aren't
>  building > IPv6 products, yet they want to claim to be fully "IPsec
>  Compliant"  > (which is marketing speak; I have no clue what it really
>  means).   > In short, some of the impetus behind this proposal is to
>  solve a  > marketing problem -- most of the remainder is largely
>  smoke-screen.
>
>    I see. This couldn't have anything to do with
>    header bandwidth overhead concerns, not to mention
>    the near mind-bending complexity of 2 degrees of
>    freedom with ah/esp/transport/tunnel and its
>    interaction with things that need to consider
>    IP headers.

The original message on this thread posited the use of AH
for routing protocols. For that use, I would guess that header
bandwidth isn't much of an issue. Consider BGP4 on 2.4 (or
9.6) Gbps links... Ignoring degenerate cases such as route
flaps or broken implementations, just how much routing
traffic is there in most situations where one would want to
use something like AH?

-paul

---

References:

• Re: Deprecation of AH header from the IPSEC tool kit
• From: Michael Thomas <mat@cisco.com>

---

• Prev by Date: Re: Deprecation of AH header from the IPSEC tool kit
• Next by Date: Re: Deprecation of AH header from the IPSEC tool kit
• Prev by thread: Re: Deprecation of AH header from the IPSEC tool kit
• Next by thread: Re: Deprecation of AH header from the IPSEC tool kit
• Index(es):
  • Main
  • Thread