Re: Death to AH (was Re: SA identification)
In message <200103222151.f2MLpVA44060@givry.rennes.enst-bretagne.fr>, Francis Dupont writes:
> In your previous mail you wrote:
>
> When there was discussion about why AH at all, the only real reason that
> I can recollect was that Mobile-IPv6 uses it to protect Binding Updates.
> Well, guess what, AH doesn't really work for them either, as witnessed
> in the WG meeting today.
>
>=> Is this opinion "IPsec is for VPN only" the opinion of the majority
>of the IPsec WG? I know this is yours, Jeff's and Henry's too...
>And of course the current market is at 99% in VPNs.
>
I don't agree that IPsec is only for VPNs. I have some projects going
that rely on transport-mode IPsec, and the advent of Windows 2000,
Solaris 2.8, and IPsec on NIC cards will make them much more feasible.
But host-to-host versus VPN is a separate issue than the (desired) life
expectancy of AH. I won't bother restating my opinions on that subject.
--Steve Bellovin, http://www.research.att.com/~smb