At 1:56 AM -0500 11/15/11, Steven Bellovin wrote:
On Nov 13, 2011, at 4:30 PM, Vilhelm Jutvik wrote:
> De...
The notion of discarding AH entirely has been discussed for many years.
I've long been in favor of it, though I can't find a copy of anything old I
had posted in my mail archives at the moment. The counter-argument
-- and again, it's been presented many times over many years -- is that
AH protects some IP options. That's useless in IPv4; the assertion is
that it's important in IPv6.
4301 deprecates AH, by making support for it a MAY, vs. a MUST for
ESP, as part of a compliant IPsec implementation.
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
