AH is pretty useless and perhaps should be deprecated

Joel Jaeggli joelja at bogus.com
Mon Nov 16 06:17:29 UTC 2009

Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja at bogus.com> wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
>> OSPFv3?
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?

Header protection... still doesn't provide replay protection, your
mileage may vary


> RFC4552:
> "In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH."
> -Bill

More information about the NANOG mailing list