Re: [IPsec] Avoiding Authentication Header (AH)
RJ Atkinson <rja.lists@gmail.com> Tue, 03 January 2012 00:04 UTC
Return-Path: <rja.lists@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E12311E8094 for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 16:04:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02lye+2wQD5r for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 16:04:40 -0800 (PST)
Received: from mail-qw0-f51.google.com (mail-qw0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 6D65B11E8073 for <ipsec@ietf.org>; Mon, 2 Jan 2012 16:04:40 -0800 (PST)
Received: by qadz3 with SMTP id z3so10360385qad.10 for <ipsec@ietf.org>; Mon, 02 Jan 2012 16:04:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer; bh=PTnhroQwhrnThl3bBxrwm4bXjkM0/HOUULhGe9O0Jdw=; b=AJbRHBD628F/KQQknq8GFEEwXeloeeo/8BjbGDiWogHdIsJB5qSyoLjnorpa9DPhwx qAgGMLNZTozE+S+xSSNVyGkKLo/v34ijPmp8vFouZ3BthzoiQVamujXw3oOligQTxYKR Tegy9GtDLmbX9S/lZ0xZxytKl6hi16CLYW9FY=
Received: by 10.224.205.4 with SMTP id fo4mr1373589qab.35.1325549079962; Mon, 02 Jan 2012 16:04:39 -0800 (PST)
Received: from [10.30.20.12] (pool-96-225-134-175.nrflva.fios.verizon.net. [96.225.134.175]) by mx.google.com with ESMTPS id el7sm96103852qab.16.2012.01.02.16.04.38 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jan 2012 16:04:39 -0800 (PST)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: Mon, 02 Jan 2012 19:04:37 -0500
Message-Id: <51F52A9C-C160-4E5A-A250-1805B96411C0@gmail.com>
To: IPsec ME WG List <ipsec@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 00:04:41 -0000
Earlier, Dan Harkins wrote, in part: > Honestly, if a WG is not paying attention to RFC 4301, > then what makes you think they're gonna pay attention > to a random individual submission ? > > I don't have any particular love for AH but this effort > is really lacking in one thing: a problem to solve. > > On the one hand, we're being told that the effort is > necessary because WGs developing a "standard for protocol foo" > need to be instructed on how to obtain integrity protection, > but we're also being told that discouraging AH is OK > because no one (in NANOG) is using it and it's a MAY anyway. > > These seem to be somewhat contradictory to me -- > either no one's using it and we have a solution > in search of a problem; > or, someone's using it and it would probably be a problem > to restrict its use in the future. +1
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Venkatesh Sriram
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] WESP and reliability RJ Atkinson
- Re: [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] WESP and reliability Bhatia, Manav (Manav)
- Re: [IPsec] WESP and reliability Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Sean Turner
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Markku Savela
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Yoav Nir
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Panos Kampanakis