I support deprecating AH. — Regards, Uri Secure Resilient Systems and Technologies MIT Lincoln Laboratory
> On Dec 31, 2025, at 19:04, Tom Herbert <[email protected]> > wrote: > > !-------------------------------------------------------------------| > This Message Is From an External Sender > This message came from outside the Laboratory. > |-------------------------------------------------------------------! > >> On Wed, Dec 31, 2025 at 3:50 PM Paul Wouters >> <[email protected]> wrote: >> >> >>>> On Dec 31, 2025, at 17:22, Tom Herbert >>>> <[email protected]> wrote: >>> >>> Happy New Year! >>> >>> I've posted a new draft that would formally deprecate the IP >>> Authentication Header. Any comments are appreciated. >> >> We tried that in 2017 with RFC 8221 and failed. >> I doubt much has changed since then. > > Hi Paul, > > Do you remember why consensus wasn't reached? Unless there's a good > reason, I would like to remove support for AH from Linux. If no one's > using AH then the code is nothing more than a liability and > maintenance headache. Grant it, we don't need formal deprecation of AH > to do that but I would prefer to keep Linux and IETF on the same page. > > Tom > >> >> Paul >> >> >> >>> >>> Thanks, >>> Tom >>> >>> ---------- Forwarded message --------- >>> From: <[email protected]> >>> Date: Wed, Dec 31, 2025 at 11:58 AM >>> Subject: New Version Notification for >>> draft-herbert-deprecate-auth-header-00.txt >>> To: Tom Herbert <[email protected]> >>> >>> >>> A new version of Internet-Draft draft-herbert-deprecate-auth-header-00.txt >>> has >>> been successfully submitted by Tom Herbert and posted to the >>> IETF repository. >>> >>> Name: draft-herbert-deprecate-auth-header >>> Revision: 00 >>> Title: Deprecate IP Authentication Header >>> Date: 2025-12-31 >>> Group: Individual Submission >>> Pages: 14 >>> URL: >>> https://www.ietf.org/archive/id/draft-herbert-deprecate-auth-header-00.txt >>> Status: >>> https://datatracker.ietf.org/doc/draft-herbert-deprecate-auth-header/ >>> HTMLized: >>> https://datatracker.ietf.org/doc/html/draft-herbert-deprecate-auth-header >>> >>> >>> Abstract: >>> >>> This document deprecates the IP Authentication Header. The >>> motivations are that authentication without confidentiality is not >>> compelling, the Authentication Header is incompatible with some >>> commonly deployed protocols, and there is likely no deployment of >>> Authentication Header. >>> >>> >>> >>> The IETF Secretariat >>> >>> _______________________________________________ >>> IPsec mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] > > _______________________________________________ > IPsec mailing list -- [email protected] > To unsubscribe send an email to [email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
