[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Death to AH (was Re: SA identification)

To: IP Security List <ipsec@lists.tislabs.com>
Subject: Re: Death to AH (was Re: SA identification)
From: Henry Spencer <henry@spsystems.net>
Date: Fri, 23 Mar 2001 09:24:12 -0500 (EST)
In-Reply-To: <200103230752.QAA06353@isl.rdc.toshiba.co.jp>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 23 Mar 2001, FUKUMOTO Atsushi wrote:
> > (Note, for example, IESG's recently-expressed doubts about
> > whether the authentication requirements of Binding Updates can really be
> > met using AH.)
> 
> I have read it as a doubt to the use of IPSec in general, rather than
> AH alone...  Was I wrong?

You are correct, but you've missed the implication:  this is an alleged
"requirement for AH" which, on closer examination, cannot actually be
satisfied by AH (or ESP).  So it's not a requirement for AH at all, and
cannot be used to justify keeping AH.

                                                          Henry Spencer
                                                       henry@spsystems.net

Follow-Ups:

Re: Death to AH (was Re: SA identification)

From: Stephen Kent <kent@bbn.com>

References:

Re: Death to AH (was Re: SA identification)

From: FUKUMOTO Atsushi <fukumoto@isl.rdc.toshiba.co.jp>

Prev by Date: Re: Death to AH (was Re: SA identification)
Next by Date: RE: Death to AH (was Re: SA identification)
Prev by thread: Re: Death to AH (was Re: SA identification)
Next by thread: Re: Death to AH (was Re: SA identification)
Index(es):
- Main
- Thread