Re: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Mohacsi Janos
On Sat, 14 Nov 2009, Jack Kohn wrote: Hi, Interesting discussion on the utility of Authentication Header (AH) in IPSecME WG. http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html Post explaining that AH even though protecting the source and destination IP addresses is really not

Re: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Steven Bellovin
On Nov 14, 2009, at 8:28 PM, David Barak wrote: > I've seen AH used as a "prove that this hasn't been through a NAT" mechanism. > In this context, it's pretty much perfect. > > However, what I don't understand is where the dislike for it originates: if > you don't like it, don't run it. It i

Re: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread David Barak
I've seen AH used as a "prove that this hasn't been through a NAT" mechanism.  In this context, it's pretty much perfect. However, what I don't understand is where the dislike for it originates: if you don't like it, don't run it.  It is useful in certain cases, and it's already in all of the p

Re: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Steven Bellovin
On Nov 14, 2009, at 2:46 PM, Adam Stasiniewicz wrote: > I have seen AH used in network segmentation. I.e. systems in group A are > configured with rules to require all communication be over AH. Systems in > group B (which have no AH and no appropriate certificates configured) can't > chat with g

RE: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Adam Stasiniewicz
I have seen AH used in network segmentation. I.e. systems in group A are configured with rules to require all communication be over AH. Systems in group B (which have no AH and no appropriate certificates configured) can't chat with group A. The benefit of using AH vs. ESP in this case is twofold

Re: AH is pretty useless and perhaps should be deprecated

2009-11-14 Thread Thomas Maufer
I prefer letting the market deprecate things. If no one uses AH, someday the IETF can mark it as "Historic," but long before that there will come a time when no one is interested in doing any more work on it. I was at the IETF IPsec WG meeting (in Los Angeles in the mid-90s) when AH would have died

Re: kaspersky anti-virus tech, with a clue?

2009-11-14 Thread Gadi Evron
Jim Mercer wrote: can anyone point me at a Kaspersky tech with a clue? maybe we can re-craft our login url to not offend the Kaspersky suite. Forwarding. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

kaspersky anti-virus tech, with a clue?

2009-11-14 Thread Jim Mercer
it seems that kaspersky anti-virus is "detecting" our hotspot captive portal login as a "Trojan-Downloader.Script.Generic". my googling on this seems to indicate that it isn't finding so much a signature, but something in the url that is "suspicious". unfortunately, this is causing some fairly u