AH or ESP

Jack Kohn kohn.jack at gmail.com
Tue May 26 23:35:47 UTC 2009


>
>
> The delusion that network operators can successfully use unhelpful
> protocols and/or smoke and mirrors to force idealist network design on
> others needs to end.  People use new protocols because they are better.
> If  the benefit of moving to a new protocol does not outweigh the pain
> of moving to it, people don't use it.  That's why the OSI protocols did
> not kill IP like they were supposed to in the 90s, it is why the largely
> forgotten mandated move from Windows to secure OSes (ie, Unix) for all
> government employees never happened, and it is why IPv6 is sputtering.
> If people want to use NAT, they are going to use NAT.  They may stop
> using it if the widespread adoption of peer to peer protocols means they
> are missing out on things other people are doing.  They are not going to
> stop using NAT to use a protocol maliciously designed to break it; they
> will just wait, patiently and nearly always successfully, for somebody
> to come out with a version that has no such malice.  They are certainly
> not going to stop using NAT because somebody tells them they should use
> a security protocol that does not secure anything worth securing.
>
> BitTorrent is a better anti-NAT tool than AH ever will be.  More carrot,
> less stick.
>

I agree. Folks are going to use ESP-NULL if they really want Integrity
Protection ..


> -Dave
>
>



More information about the NANOG mailing list