>> Do you remember why consensus wasn't reached? Unless there's a good >> reason, I would like to remove support for AH from Linux. > > The people thought they had good reasons.
Not a good argument - nobody (normally) argues believing his reasons are bad. The real reasons for AH existence have died long ago - and I’ve been there when AH was initially created, so yes I do know. > There were various use cases and saving bytes compared to esp-null mattered. No valid use cases now, AFAIK - and while saving bytes might make some sense, I’d say - not in this case. >> If no one’s using AH then the code is nothing more than a liability and >> maintenance headache. Granted, we don't need formal deprecation of AH >> to do that, but I would prefer to keep Linux and IETF on the same page. And it’s about time to turn that page over. 😉 > I thought Linux didn’t break APIs. You can ask the Linux IPsec maintainer, > he is on this list and will read this too. > My impression was even if the IETF obsoleted it, Linux wouldn't remove it. Let’s hope he’ll jump in. BTW, breaking changes do happen, as I observed myself when I was working with/on Linux. > Those who really care can disable AH at compile time ? IMHO, insufficient - since AH was “blessed” by IETF back then, it needs to be “ub-blessed” by IETF. > Tom > >> >> Paul >> >> >> >>> >>> Thanks, >>> Tom >>> >>> ---------- Forwarded message --------- >>> From: <[email protected]> >>> Date: Wed, Dec 31, 2025 at 11:58 AM >>> Subject: New Version Notification for >>> draft-herbert-deprecate-auth-header-00.txt >>> To: Tom Herbert <[email protected]> >>> >>> >>> A new version of Internet-Draft draft-herbert-deprecate-auth-header-00.txt >>> has >>> been successfully submitted by Tom Herbert and posted to the >>> IETF repository. >>> >>> Name: draft-herbert-deprecate-auth-header >>> Revision: 00 >>> Title: Deprecate IP Authentication Header >>> Date: 2025-12-31 >>> Group: Individual Submission >>> Pages: 14 >>> URL: >>> https://www.ietf.org/archive/id/draft-herbert-deprecate-auth-header-00.txt >>> <https://www.ietf.org/archive/id/draft-herbert-deprecate-auth-header-00.txt> >>> Status: >>> https://datatracker.ietf.org/doc/draft-herbert-deprecate-auth-header/ >>> <https://datatracker.ietf.org/doc/draft-herbert-deprecate-auth-header/> >>> HTMLized: >>> https://datatracker.ietf.org/doc/html/draft-herbert-deprecate-auth-header >>> <https://datatracker.ietf.org/doc/html/draft-herbert-deprecate-auth-header> >>> >>> >>> Abstract: >>> >>> This document deprecates the IP Authentication Header. The >>> motivations are that authentication without confidentiality is not >>> compelling, the Authentication Header is incompatible with some >>> commonly deployed protocols, and there is likely no deployment of >>> Authentication Header. >>> >>> >>> >>> The IETF Secretariat >>> >>> _______________________________________________ >>> IPsec mailing list -- [email protected] >>> To unsubscribe send an email to [email protected] > > _______________________________________________ > IPsec mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ IPsec mailing list -- [email protected] To unsubscribe send an email to [email protected]
