AH is pretty useless and perhaps should be deprecated
Owen DeLong
owen at delong.com
Sat Nov 14 00:49:40 UTC 2009
I've never seen anyone use AH vs. ESP. I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.
Owen
On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
> Hi,
>
> Interesting discussion on the utility of Authentication Header (AH) in
> IPSecME WG.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
>
> Post explaining that AH even though protecting the source and
> destination IP addresses is really not good enough.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
>
> What do folks feel? Do they see themselves using AH in the future?
> IMO, ESP and WESP are good enough and we dont need to support AH any
> more ..
>
> Jack
More information about the NANOG
mailing list