[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Death to AH (was Re: SA identification)
On Thu, 22 Mar 2001, Francis Dupont wrote:
> When there was discussion about why AH at all, the only real reason that
> I can recollect was that Mobile-IPv6 uses it to protect Binding Updates.
> Well, guess what, AH doesn't really work for them either...
>
> => Is this opinion "IPsec is for VPN only" the opinion of the majority
> of the IPsec WG? I know this yours, Jeff's and Henry's too...
It's certainly not the opinion of the FreeS/WAN project. Our current
users mostly run VPNs, but our long-term objectives are elsewhere. We
think AH is just as useless and undesirable for non-VPN applications as it
is for VPN applications. In fact, I don't understand why you think that
"death to AH!" means "IPsec is for VPN only"; they seem to me like two
completely separate issues.
Henry Spencer
henry@spsystems.net
Follow-Ups:
References: