[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)

To: Ari Huttunen <Ari.Huttunen@F-Secure.com>
Subject: Re: Death to AH (was Re: SA identification)
From: Jari Arkko <jari.arkko@kolumbus.fi>
Date: Fri, 23 Mar 2001 00:05:28 +0200
Cc: Henry Spencer <henry@spsystems.net>, IP Security List <ipsec@lists.tislabs.com>, tsenevir@nortelnetworks.com
References: <Pine.BSI.3.91.1010322093315.10290F-100000@spsystems.net> <3ABA323A.A3B0DE33@F-Secure.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.17-icclin i686; en-US; m18) Gecko/20001107 Netscape6/6.0

Ari Huttunen wrote:

> 
> 
> Even if AH is not killed at once, a decision by this WG that AH doesn't
> need to go through NATs would help us a lot!
> 
I am in favor of skipping AH for NAT work. Don't drag
all the baggage with you forever. Move on in new work.

Also, this reminds also me of the MPLS DOI presentation where
they were proposing AH and ESP-like functionality for
MPLS. I haven't studied that DOI much, but it seems to
me that providing only ESP-like behaviour would be
sufficient, particularly given that MPLS doesn't perhaps
treat IP headers in any different way in the AH/ESP cases.

Jari

Follow-Ups:

Re: Death to AH (was Re: SA identification)

From: Will Price <wprice@cyphers.net>

References:

Re: SA identification

From: Henry Spencer <henry@spsystems.net>

Death to AH (was Re: SA identification)

From: Ari Huttunen <Ari.Huttunen@F-Secure.com>

Prev by Date: Re: Death to AH (was Re: SA identification)
Next by Date: Re: Death to AH (was Re: SA identification)
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Death to AH (was Re: SA identification)
Index(es):
- Main
- Thread