nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AH is pretty useless and perhaps should be deprecated

From: Luca Tosolini <bit.gossip () chello nl>
Date: Sat, 14 Nov 2009 08:37:26 +0100
Junos VRRP with md5 authentication does.....

On Sat, 2009-11-14 at 07:57 +0530, Jack Kohn wrote:

So who uses AH and why?

Jack

On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong <owen () delong com> wrote:

I've never seen anyone use AH vs. ESP.  I've always used ESP and so has
every other IPSEC implementation I've seen anyone do.

Owen

On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:


Hi,

Interesting discussion on the utility of Authentication Header (AH) in
IPSecME WG.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html

Post explaining that AH even though protecting the source and
destination IP addresses is really not good enough.

http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html

What do folks feel? Do they see themselves using AH in the future?
IMO, ESP and WESP are good enough and we dont need to support AH any
more ..

Jack
Previous By Date Next
Previous By Thread Next

Current thread: