Re: Does anybody out there use Authentication Header (AH)?

2012-01-04 Thread Jack Kohn
Tom, It seems NIST recommends ESP over AH. You can look at the following 2 emails from Manav and Sriram on the IPsecME WG: http://www.ietf.org/mail-archive/web/ipsec/current/msg07403.html http://www.ietf.org/mail-archive/web/ipsec/current/msg07407.html Jack On Mon, Jan 2, 2012 at 5:57 AM, TR

Re: Does anybody out there use Authentication Header (AH)?

2012-01-02 Thread TR Shaw
As far as real world examples, I know of none that use AH only. All the operational uses I have seen in use are tunnels. I would guess that if there are any it would be because some minimally technical COI rep thought that by using it it would provide some minimalist support of their

Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread John Smith
Hi, I am trying to see if there are people who use AH, especially since RFC 4301 has a MAY for AH and a MUST for ESP-NULL. While operators may not care about a MAY or a MUST in an RFC, the IETF protocols and vendors do. So all protocols that require IPsec for authentication implicitly have a

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread TR Shaw
On Jan 1, 2012, at 7:12 PM, John Smith wrote: Hi, I am trying to see if there are people who use AH, especially since RFC 4301 has a MAY for AH and a MUST for ESP-NULL. While operators may not care about a MAY or a MUST in an RFC, the IETF protocols and vendors do. So all protocols

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Glen Kent
(Sigh) Here we go again. AH is a liability and a baggage that we're carrying over our weary shoulders. IMO we should have gotten rid of it a long time back. There have been enough emails on multiple forums over this and Google is probably your friend here. The only reason(s) we have AH is because

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread John Smith
Sent: Monday, 2 January 2012, 5:57 Subject: Re: Does anybody out there use Authentication Header (AH)? On Jan 1, 2012, at 7:12 PM, John Smith wrote: Hi, I am trying to see if there are people who use AH, especially since RFC 4301 has a MAY for AH and a MUST for ESP-NULL. While operators may

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread David Barak
It can be used to prevent NAT on an intermediate path, which can be useful under certain circumstances. I have seen it in the wild, both in Internet and private networking contexts. David Barak

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Chuck Anderson
I'm using AH for OSPFv2 and OSPFv3 authentication. For OSPFv3, there is no other option than some kind of IPsec for authentication. I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and keys for the different protocols.

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Glen Kent
On Mon, Jan 2, 2012 at 6:27 AM, Chuck Anderson c...@wpi.edu wrote: I'm using AH for OSPFv2 and OSPFv3 authentication.  For OSPFv3, there is no other option than some kind of IPsec for authentication.  I'm also using it for OSPFv2 so I don't have to maintain multiple authentication methods and

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread TR Shaw
: Monday, 2 January 2012, 5:57 Subject: Re: Does anybody out there use Authentication Header (AH)? On Jan 1, 2012, at 7:12 PM, John Smith wrote: Hi, I am trying to see if there are people who use AH, especially since RFC 4301 has a MAY for AH and a MUST for ESP-NULL. While operators may

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
On Jan 1, 2012, at 8:34 PM, TR Shaw wrote: John, Unlike AH, ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Jack Kohn
The __exact__ same discussion happening on IPsecME WG right now. http://www.ietf.org/mail-archive/web/ipsec/current/msg07346.html It seems there is yet another effort being made to retire AH so that we have less # of options to deal with. This time there is some support for it .. Jack On Mon,

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
Yes, I know; I'm on that list. John Smith decided to see if reality matched theory -- always a good thing to do -- and asked here. Btw, it's not just this time there is some support for it; AH was downgraded to MAY in RFC 4301 in 2005. On Jan 1, 2012, at 8:56 PM, Jack Kohn wrote: The