Re: Death to AH (was Re: SA identification)
On Fri, 23 Mar 2001, Pekka Nikander wrote:
> ...for me the exact reason for killing AH seems unclear...
> Or am I missing something, and the problem with AH is something
> completely different?
It adds substantial complexity to IPsec -- a set of protocols which is
already too complex (an especially bad thing in a security system) -- for
little or no benefit. That's the big one.
The awkward implementation, and the incompatibilities with things like
NAT, are significant but definitely secondary issues.
Henry Spencer
henry@spsystems.net