[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Death to AH (was Re: SA identification)
Francis Dupont writes:
> In your previous mail you wrote:
>
> When there was discussion about why AH at all, the only real reason that
> I can recollect was that Mobile-IPv6 uses it to protect Binding Updates.
> Well, guess what, AH doesn't really work for them either, as witnessed
> in the WG meeting today.
>
> => Is this opinion "IPsec is for VPN only" the opinion of the majority
> of the IPsec WG? I know this yours, Jeff's and Henry's too...
> And of course the current market is at 99% in VPNs.
Well, I certainly don't make that assumption,
but I think that the real question -- especially
now -- is is there anything in the IP header before
ESP that's worth protecting. MIP was the previous
poster child. Does anybody have a new candidate?
Mike
References: