
RE: Death to AH (was Re: SA identification)



To add another voice to the chorus - we would certainly like to see AH
removed as a requirement. From our perspective it just adds complexity
without adding much value, and at high speeds, life (IPSEC) is already
complex enough!

Ray Savarda 
Director, Hardware Engineering
NetOctave Inc.

-----Original Message-----
From: Will Price [mailto:wprice@cyphers.net]
Sent: Friday, March 23, 2001 3:52 AM
To: IP Security List
Subject: Re: Death to AH (was Re: SA identification)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We would also very much enjoy removing AH for our implementation. It
introduces unnecessary complexity to solve problems which are better
solved in other ways.

As a vendor which has at one time or another implemented both of the
current proposed NAT drafts on an experimental basis, I beg of thee
to leave AH support out, :-)



Jari Arkko wrote:
> Ari Huttunen wrote:
> > Even if AH is not killed at once, a decision by this WG that AH
> > doesn't need to go through NATs would help us a lot!
> >
> I am in favor of skipping AH for NAT work. Don't drag
> all the baggage with you forever. Move on in new work.
> 
> Also, this also reminds me of the MPLS DOI presentation where
> they were proposing AH and ESP-like functionality for
> MPLS. I haven't studied that DOI much, but it seems to
> me that providing only ESP-like behaviour would be
> sufficient, particularly given that MPLS doesn't perhaps
> treat IP headers in any different way in the AH/ESP cases.


- -- 

Will Price, Director of Engineering
PGP Security, Inc.
a division of Network Associates, Inc.


-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQA/AwUBOrsOqqy7FkvPc+xMEQLisQCgnOS2Bbw4J3PWH6QsJsUt7DkYRXoAoNhW
twHMnxouBmsN9qnLsH26Qf49
=5YVF
-----END PGP SIGNATURE-----

