> On Dec 31, 2025, at 19:03, Tom Herbert <[email protected]> wrote:
> 
> On Wed, Dec 31, 2025 at 3:50 PM Paul Wouters
> <[email protected]> wrote:
>> 
>> 
>>>> On Dec 31, 2025, at 17:22, Tom Herbert <[email protected]> wrote:
>>> 
>>> Happy New Year!
>>> 
>>> I've posted a new draft that would formally deprecate the IP
>>> Authentication Header. Any comments are appreciated.
>> 
>> We tried that in 2017 with RFC 8221 and failed.
>> I doubt much has changed since then.
> 
> Hi Paul,
> 
> Do you remember why consensus wasn't reached? Unless there's a good
> reason, I would like to remove support for AH from Linux.

The people thought they had good reasons. There were various use cases and 
saving bytes compared to esp-null mattered.



> If no one's
> using AH then the code is nothing more than a liability and
> maintenance headache. Granted, we don't need formal deprecation of AH
> to do that but I would prefer to keep Linux and IETF on the same page.

I thought Linux didn’t break APIs. You can ask the Linux IPsec maintainer, he
is on this list and will read this too. My impression was even if the IETF
obsoleted it, Linux wouldn’t remove it.

Those who really care can disable AH at compile time?

Paul




> Tom
> 
>> 
>> Paul
>> 
>> 
>> 
>>> 
>>> Thanks,
>>> Tom
>>> 
>>> ---------- Forwarded message ---------
>>> From: <[email protected]>
>>> Date: Wed, Dec 31, 2025 at 11:58 AM
>>> Subject: New Version Notification for draft-herbert-deprecate-auth-header-00.txt
>>> To: Tom Herbert <[email protected]>
>>> 
>>> 
>>> A new version of Internet-Draft draft-herbert-deprecate-auth-header-00.txt
>>> has been successfully submitted by Tom Herbert and posted to the
>>> IETF repository.
>>> 
>>> Name:     draft-herbert-deprecate-auth-header
>>> Revision: 00
>>> Title:    Deprecate IP Authentication Header
>>> Date:     2025-12-31
>>> Group:    Individual Submission
>>> Pages:    14
>>> URL:      https://www.ietf.org/archive/id/draft-herbert-deprecate-auth-header-00.txt
>>> Status:   https://datatracker.ietf.org/doc/draft-herbert-deprecate-auth-header/
>>> HTMLized: https://datatracker.ietf.org/doc/html/draft-herbert-deprecate-auth-header
>>> 
>>> 
>>> Abstract:
>>> 
>>>  This document deprecates the IP Authentication Header.  The
>>>  motivations are that authentication without confidentiality is not
>>>  compelling, the Authentication Header is incompatible with some
>>>  commonly deployed protocols, and there is likely no deployment of
>>>  Authentication Header.
>>> 
>>> 
>>> 
>>> The IETF Secretariat
>>> 
>>> _______________________________________________
>>> IPsec mailing list -- [email protected]
>>> To unsubscribe send an email to [email protected]
> 