AH is pretty useless and perhaps should be deprecated
joelja at bogus.com
Mon Nov 16 00:17:29 CST 2009
Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja at bogus.com> wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?
Header protection... still doesn't provide replay protection, your
mileage may vary
> "In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH."
More information about the NANOG