[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Comments on draft-ietf-ipsec-rfc2402bis-03.txt based on SENDWG experiences

Stephen Kent writes:
> syntax from 2402. Suggesting that we change AH to accommodate SEND's 
> possible use of it, in a fashion not consistent with the current 
> specs, is asking quite a lot.

The SEND is a user of the AH. Are there any other real users for the
AH? In earlier days there was people saying that we should remove the
whole AH as nobody uses. Now there seems to be SEND that is using it,
but they want to do something differently. Do we want to say to our
(only?) user that no we do not allow you to do anything differently?

Do we want them to create another protocol replacing their use of AH?
Another people who have been saying that they want to use AH is Mobile
IP people. What do they want? Is the current spec fine with them or do
the want similar processing than SEND?

Actually they quite often want to do demultiplexing based on the
fields inside the mobility or routing header not the outer IP address.
I.e they might need different demultiplexing algorithm too.

So the real questions are:

Is there any use for the AH as it is now specified?

What are application(s) / protocol(s) which will use it?

If we cannot answer to those questions I think we should drop the
current AH from the IPsec WG and say that SEND/Mobile IP etc can
specify it so that it will be suitable for them :-)

I do not want any generic text saying "someone might want to use it if
the phase of the moon is full and ..., and,... and ... export control
... and ... goverment ... and ...".

I do want current real word example (where the current AH as specified
in the current document) is actually used or is planned to be used. I
do NOT see any use for the AH on the VPNs or road warriors IPsec
SSH Communications Security                  http://www.ssh.fi/
SSH IPSEC Toolkit                            http://www.ssh.fi/ipsec/