AH or ESP
kohn.jack at gmail.com
Tue May 26 18:35:47 CDT 2009
> The delusion that network operators can successfully use unhelpful
> protocols and/or smoke and mirrors to force idealist network design on
> others needs to end. People use new protocols because they are better.
> If the benefit of moving to a new protocol does not outweigh the pain
> of moving to it, people don't use it. That's why the OSI protocols did
> not kill IP like they were supposed to in the 90s, it is why the largely
> forgotten mandated move from Windows to secure OSes (ie, Unix) for all
> government employees never happened, and it is why IPv6 is sputtering.
> If people want to use NAT, they are going to use NAT. They may stop
> using it if the widespread adoption of peer to peer protocols means they
> are missing out on things other people are doing. They are not going to
> stop using NAT to use a protocol maliciously designed to break it; they
> will just wait, patiently and nearly always successfully, for somebody
> to come out with a version that has no such malice. They are certainly
> not going to stop using NAT because somebody tells them they should use
> a security protocol that does not secure anything worth securing.
> BitTorrent is a better anti-NAT tool than AH ever will be. More carrot,
> less stick.
I agree. Folks are going to use ESP-NULL if they really want integrity.
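The exchange turns on one protocol detail: AH's integrity check covers the outer IP header, so a NAT rewriting the source address invalidates it, while ESP (with a NULL cipher, giving integrity only) covers just the ESP header, payload and trailer, so the outer header can be rewritten freely. The script below is an added example, not code from the post or from either protocol's reference implementation. It models transport-mode AH (RFC 4302) and ESP-NULL (RFC 4303) packets with simplified headers, a constructed key, SPI and addresses, and an HMAC-SHA-256 ICV truncated to 128 bits in the style of RFC 4868; the header layouts, field offsets and NAT behaviour are the author's own simplification of the RFCs.

```python
"""
Added example (not from the NANOG post): an AH ICV fails after source NAT,
an ESP-NULL ICV does not, because of what each ICV covers.
"""
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed; a real SA gets its key from IKE
SPI = 0x00001234               # constructed SPI
AH_PROTO, ESP_PROTO = 51, 50
ICV_LEN = 16                   # HMAC-SHA-256 truncated to 128 bits (RFC 4868 style)


def _icv(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def _ip_checksum(hdr: bytes) -> int:
    """Standard one's-complement IPv4 header checksum over a 20-byte header."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _ip_checksum(hdr)) + hdr[12:]


def _ah_covered(pkt: bytes) -> bytes:
    """Bytes the AH ICV covers: the IP header with mutable fields (TOS,
    flags/fragment offset, TTL, checksum) zeroed, the AH header with its ICV
    field zeroed, then the payload. Addresses are treated as immutable, which
    is precisely what a NAT changes."""
    hdr = bytearray(pkt[:20])
    hdr[1] = 0                  # TOS
    hdr[6:8] = b"\x00\x00"      # flags / fragment offset
    hdr[8] = 0                  # TTL
    hdr[10:12] = b"\x00\x00"    # header checksum
    ah = bytearray(pkt[20:32 + ICV_LEN])
    ah[12:12 + ICV_LEN] = bytes(ICV_LEN)
    return bytes(hdr) + bytes(ah) + pkt[32 + ICV_LEN:]


def build_ah_packet(src: str, dst: str, payload: bytes, inner_proto: int = 17) -> bytes:
    """IP header + AH header (next hdr, payload len, reserved, SPI, seq, ICV) + payload."""
    ah_len_words = (12 + ICV_LEN) // 4 - 2   # AH "payload length" field convention
    ah = struct.pack("!BBHII", inner_proto, ah_len_words, 0, SPI, 1) + bytes(ICV_LEN)
    pkt = ipv4_header(src, dst, AH_PROTO, 20 + len(ah) + len(payload)) + ah + payload
    return pkt[:32] + _icv(_ah_covered(pkt)) + pkt[32 + ICV_LEN:]


def verify_ah_packet(pkt: bytes) -> bool:
    return hmac.compare_digest(_icv(_ah_covered(pkt)), pkt[32:32 + ICV_LEN])


def build_esp_packet(src: str, dst: str, payload: bytes, inner_proto: int = 17) -> bytes:
    """IP header + ESP (SPI, seq, NULL-'encrypted' payload, padding, pad len,
    next hdr) + ICV. The ICV covers only the ESP part, never the IP header."""
    pad_len = (-(len(payload) + 2)) % 4
    body = payload + bytes(range(1, pad_len + 1)) + bytes([pad_len, inner_proto])
    esp = struct.pack("!II", SPI, 1) + body
    return ipv4_header(src, dst, ESP_PROTO, 20 + len(esp) + ICV_LEN) + esp + _icv(esp)


def verify_esp_packet(pkt: bytes) -> bool:
    esp, icv = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(_icv(esp), icv)


def nat_rewrite(pkt: bytes, new_src: str) -> bytes:
    """Source NAT: rewrite the source address, decrement TTL, fix the checksum."""
    hdr = bytearray(pkt[:20])
    hdr[12:16] = ipaddress.IPv4Address(new_src).packed
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", _ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[20:]


def demo(src="10.0.0.5", nat_src="203.0.113.7", dst="198.51.100.9",
         payload=b"constructed payload") -> dict:
    """Send one AH and one ESP-NULL packet through the same source NAT."""
    ah = nat_rewrite(build_ah_packet(src, dst, payload), nat_src)
    esp = nat_rewrite(build_esp_packet(src, dst, payload), nat_src)
    return {"ah_valid_after_nat": verify_ah_packet(ah),
            "esp_valid_after_nat": verify_esp_packet(esp)}


if __name__ == "__main__":
    print(demo())
```

Rewriting only mutable fields (a router decrementing TTL and recomputing the checksum) leaves the AH ICV valid, since those are zeroed before hashing; rewriting the source address does not. The example shows only the integrity-scope difference: getting ESP through a port-translating NAT in practice still needs UDP encapsulation (NAT-T, RFC 3948), because ESP carries no ports for the NAT to map.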
More information about the NANOG