AH is pretty useless and perhaps should be deprecated
Joel Jaeggli
joelja at bogus.com
Mon Nov 16 06:17:29 UTC 2009
Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja at bogus.com> wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
>> OSPFv3?
>
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?
Header protection... still doesn't provide replay protection, your
mileage may vary
http://tools.ietf.org/html/draft-ietf-opsec-routing-protocols-crypto-issues-02
> RFC4552:
> "In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH."
>
> -Bill
>
More information about the NANOG
mailing list