Re: AH is pretty useless and perhaps should be deprecated

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: AH is pretty useless and perhaps should be deprecated

From: Mohacsi Janos
Date: Sun Nov 15 01:59:20 2009

List-archive: <http://mailman.nanog.org/mailman/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=unsubscribe>



On Sat, 14 Nov 2009, Jack Kohn wrote:

Hi,

Interesting discussion on the utility of Authentication Header (AH) in
IPSecME WG.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html

Post explaining that AH even though protecting the source and
destination IP addresses is really not good enough.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html

What do folks feel? Do they see themselves using AH in the future?
IMO, ESP and WESP are good enough and we dont need to support AH any
more ..


They are planning to make OSPFv3 IPSec authentication useless?
Best Regards,
	Janos Mohacsi

Follow-Ups:
- Re: AH is pretty useless and perhaps should be deprecated Merike Kaeo

References:
- AH is pretty useless and perhaps should be deprecated Jack Kohn

Prev by Date: Re: AH is pretty useless and perhaps should be deprecated
Next by Date: Re: Layer 2 vs. Layer 3 to TOR
Date Index
Thread Index
Author Index
Historical