AH is pretty useless and perhaps should be deprecated

Owen DeLong owen at delong.com
Fri Nov 13 18:49:40 CST 2009


I've never seen anyone use AH vs. ESP.  I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.

Owen

On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:

> Hi,
>
> Interesting discussion on the utility of Authentication Header (AH) in
> IPSecME WG.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
>
> Post explaining that AH even though protecting the source and
> destination IP addresses is really not good enough.
>
> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
>
> What do folks feel? Do they see themselves using AH in the future?
> IMO, ESP and WESP are good enough and we dont need to support AH any
> more ..
>
> Jack





More information about the NANOG mailing list