Re: Death to AH (was Re: SA identification)

[Henry Spencer <henry@spsystems.net>]

On Fri, 23 Mar 2001, Francis Dupont wrote:
>    In fact, I don't understand why you think that "death to AH!" means
>    "IPsec is for VPN only"...
> 
> => I don't know if you were in the mobile-ip room this morning but
> this was very clear (if you weren't I believe the slides will be
> available soon).

No, I wasn't there -- I'm still in Toronto.  I'm skeptical of the assertion
that non-VPN applications are impossible without AH; our analysis, at least
for our particular applications, shows no such connection.

I would believe that people might think Mobile IP -- that is, one
*particular* non-VPN application -- is impossible without AH.  (I think
they're probably wrong, but this more-specific claim is far more
plausible, and deserves careful attention.)

I would also believe that careless people might think that anything which
isn't Mobile IP is a VPN.  That's wrong, but perhaps not obviously so.

> As no IPsec people did object to Jeff's written claims
> about what IPsec can/should use for, I assume they are right...

The question is, how many IPsec people were present?

                                                          Henry Spencer
                                                       henry@spsystems.net

---

Follow-Ups:

• Re: Death to AH (was Re: SA identification)
• From: "Marcus Leech" <mleech@nortelnetworks.com>

References:

• Re: Death to AH (was Re: SA identification)
• From: Francis Dupont <Francis.Dupont@enst-bretagne.fr>

---

• Prev by Date: Re: Death to AH (was Re: SA identification)
• Next by Date: Re: Death to AH (was Re: SA identification)
• Prev by thread: Re: Death to AH (was Re: SA identification)
• Next by thread: Re: Death to AH (was Re: SA identification)
• Index(es):
  • Main
  • Thread