[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Simplifying IKE



 In your previous mail you wrote:

=> note I am not the authors of the AH for IPv4 source routing idea
(which was given as a *historical* suggested main use of AH).
So don't blame me if your poll shows AH is not used for that
(I'll be very surprised if you get another answer :-).
PS: don't blame Dan McDonald (the real author) too because
he made very clear in his mail that the idea was an "old motivator".
BTW to forward Dan's whole message to ISP/ops (i.e. NANOG) is
still interesting because if the IPv4 source routing is dead
this is not (yet?) the case for the IPv6 one.

   There are "ISP/ops" types on this list.  I do not know of anyone using AH
   for securing source-routed packets being used for debugging.  In fact I know
   of very few people using AH for *anything*.  I have forwarded the question
   to the NANOG (North American Network Operators Group).  I will summarize
   replies and forward to the IPSEC mailing list.

=> please do this for the complete original message.

   Also, I think that keeping
   transport mode is important.  One common VPN application for transport mode
   is securing IP in IP tunnels (see draft-touch-ipsec-vpn-01.txt).
   
=> I believe there will be more opposition to remove transport mode
than AH. BTW the current task  (and the name of the thread) is to clean up
IKE only (and we can say it needs this :-).

Regards

Francis.Dupont@enst-bretagne.fr


References: