[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)



Francis Dupont writes:
 >  In your previous mail you wrote:
 > 
 >    When there was discussion about why AH at all, the only real reason that
 >    I can recollect was that Mobile-IPv6 uses it to protect Binding Updates.
 >    Well, guess what, AH doesn't really work for them either, as witnessed
 >    in the WG meeting today.
 >    
 > => Is this opinion "IPsec is for VPN only" the opinion of the majority
 > of the IPsec WG? I know this yours, Jeff's and Henry's too...
 > And of course the current market is at 99% in VPNs.

   Well, I certainly don't make that assumption,
   but I think that the real question -- especially
   now -- is is there anything in the IP header before
   ESP that's worth protecting. MIP was the previous
   poster child. Does anybody have a new candidate?

		 Mike


References: