AH is pretty useless and perhaps should be deprecated

Owen DeLong owen at delong.com
Sat Nov 14 00:49:40 UTC 2009

I've never seen anyone use AH vs. ESP.  I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.


On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:

> Hi,
> Interesting discussion on the utility of Authentication Header (AH) in
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
> Post explaining that AH even though protecting the source and
> destination IP addresses is really not good enough.
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
> What do folks feel? Do they see themselves using AH in the future?
> IMO, ESP and WESP are good enough and we dont need to support AH any
> more ..
> Jack

More information about the NANOG mailing list