[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Protocols that refer AH (was: Death to AH)

To: "'IP Security List'" <ipsec@lists.tislabs.com>
Subject: Re: Protocols that refer AH (was: Death to AH)
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Thu, 29 Mar 2001 21:29:13 -0500
In-reply-to: Your message of "Mon, 26 Mar 2001 16:52:51 EST." <000001c0b63f$1b9d1c50$1e72788a@andrewk3.ca.newbridge.com>
Sender: owner-ipsec@lists.tislabs.com


 >>>>> "Andrew" == Andrew Krywaniuk <andrew.krywaniuk@alcatel.com> writes:
     Andrew> Michael asked "why do VPN vendors implement AH?" The answer is because it is
     Andrew> perceived to be necessary. Various literature on deploying VPNs talks about
     Andrew> it. If we don't have AH then our solution may fail the "checkbox test."

   So, why are we deprecating a protocol that may very well have future uses
to make passing the checkbox test easier? The simplest action is to remove
that checkbox. (Paul Hoffman? Bob? Jon McCown? You listening...)

   Perhaps someone wants to write a "VPN BCP" and be done with it.

] Train travel features AC outlets with no take-off restrictions|gigabit is no[
]   Michael Richardson, Solidum Systems   Oh where, oh where has|problem  with[
]     mcr@solidum.com   www.solidum.com   the little fishy gone?|PAX.port 1100[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

References:

RE: Protocols that refer AH (was: Death to AH)

From: "Andrew Krywaniuk" <andrew.krywaniuk@alcatel.com>

Prev by Date: Re: SCTP and IPsec issues
Next by Date: FreeS/WAN RedHat compilation Problems
Prev by thread: RE: Protocols that refer AH (was: Death to AH)
Next by thread: Re: Protocols that refer AH (was: Death to AH)
Index(es):
- Main
- Thread