AH is pretty useless and perhaps should be deprecated

David Barak thegameiam at yahoo.com
Sun Nov 15 01:28:20 UTC 2009

I've seen AH used as a "prove that this hasn't been through a NAT" mechanism.  In this context, it's pretty much perfect.

However, what I don't understand is where the dislike for it originates: if you don't like it, don't run it.  It is useful in certain cases, and it's already in all of the production IPSec implementations.  Why the hate?
David Barak
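Added example, not part of the original post: a sketch of why AH can serve as the "no NAT on the path" check mentioned above. The AH integrity check value (RFC 4302) covers the IPv4 source and destination addresses but not mutable fields such as TTL, so ordinary routing passes verification and an address rewrite does not. HMAC-SHA1-96, the key, the addresses and all function names are assumptions made for this illustration.

```python
import hashlib, hmac, socket, struct

ICV_LEN = 12           # HMAC-SHA1-96 (RFC 2404), an assumed algorithm choice
AH_LEN = 12 + ICV_LEN  # fixed AH fields + ICV

def ipv4_header(src, dst, ttl, body_len):
    # ver/IHL, TOS, total len, ID, flags+frag, TTL, proto 51 (AH), checksum, src, dst
    # Checksum is left 0 in this constructed packet; AH zeroes it before hashing anyway.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0, ttl, 51, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def ah_header(spi, seq, icv=bytes(ICV_LEN)):
    # next header 17 (UDP), payload length in 32-bit words minus 2, reserved, SPI, sequence
    return struct.pack("!BBHII", 17, AH_LEN // 4 - 2, 0, spi, seq) + icv

def icv_input(packet):
    """Bytes the ICV covers: mutable IPv4 fields and the ICV itself are zeroed."""
    p = bytearray(packet)
    p[1] = 0                      # TOS/DSCP
    p[6:8] = b"\x00\x00"          # flags + fragment offset
    p[8] = 0                      # TTL
    p[10:12] = b"\x00\x00"        # header checksum
    p[32:32 + ICV_LEN] = bytes(ICV_LEN)
    return bytes(p)               # source and destination addresses stay in

def compute_icv(key, packet):
    return hmac.new(key, icv_input(packet), hashlib.sha1).digest()[:ICV_LEN]

def build(key, src, dst, payload, spi=0x1001, seq=1, ttl=64):
    ip = ipv4_header(src, dst, ttl, AH_LEN + len(payload))
    icv = compute_icv(key, ip + ah_header(spi, seq) + payload)
    return ip + ah_header(spi, seq, icv) + payload

def verify(key, packet):
    return hmac.compare_digest(packet[32:32 + ICV_LEN], compute_icv(key, packet))

def rewrite(packet, ttl=None, src=None):
    """Simulate an on-path device: a router decrements TTL, a NAT replaces the source."""
    p = bytearray(packet)
    if ttl is not None:
        p[8] = ttl
    if src is not None:
        p[12:16] = socket.inet_aton(src)
    return bytes(p)

KEY = b"constructed-demo-key"  # constructed sample key
pkt = build(KEY, "192.0.2.10", "198.51.100.20", b"hello")
print("as sent:", verify(KEY, pkt))
print("routed (TTL 63):", verify(KEY, rewrite(pkt, ttl=63)))
print("NATed source:", verify(KEY, rewrite(pkt, src="203.0.113.5")))
```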