AH is pretty useless and perhaps should be deprecated

Jack Kohn kohn.jack at gmail.com
Sat Nov 14 00:22:51 UTC 2009


Hi,

Interesting discussion on the utility of Authentication Header (AH) in
IPSecME WG.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html

Post explaining that AH even though protecting the source and
destination IP addresses is really not good enough.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html

What do folks feel? Do they see themselves using AH in the future?
IMO, ESP and WESP are good enough and we dont need to support AH any
more ..

Jack




More information about the NANOG mailing list