IETF Logo Mail Archive

Re: [IPsec] Avoiding Authentication Header (AH)

RJ Atkinson <rja.lists@gmail.com> Tue, 03 January 2012 00:04 UTC

Return-Path: <rja.lists@gmail.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E12311E8094 for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 16:04:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02lye+2wQD5r for <ipsec@ietfa.amsl.com>; Mon, 2 Jan 2012 16:04:40 -0800 (PST)
Received: from mail-qw0-f51.google.com (mail-qw0-f51.google.com [209.85.216.51]) by ietfa.amsl.com (Postfix) with ESMTP id 6D65B11E8073 for <ipsec@ietf.org>; Mon, 2 Jan 2012 16:04:40 -0800 (PST)
Received: by qadz3 with SMTP id z3so10360385qad.10 for <ipsec@ietf.org>; Mon, 02 Jan 2012 16:04:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:content-type:content-transfer-encoding:subject:date:message-id :to:mime-version:x-mailer; bh=PTnhroQwhrnThl3bBxrwm4bXjkM0/HOUULhGe9O0Jdw=; b=AJbRHBD628F/KQQknq8GFEEwXeloeeo/8BjbGDiWogHdIsJB5qSyoLjnorpa9DPhwx qAgGMLNZTozE+S+xSSNVyGkKLo/v34ijPmp8vFouZ3BthzoiQVamujXw3oOligQTxYKR Tegy9GtDLmbX9S/lZ0xZxytKl6hi16CLYW9FY=
Received: by 10.224.205.4 with SMTP id fo4mr1373589qab.35.1325549079962; Mon, 02 Jan 2012 16:04:39 -0800 (PST)
Received: from [10.30.20.12] (pool-96-225-134-175.nrflva.fios.verizon.net. [96.225.134.175]) by mx.google.com with ESMTPS id el7sm96103852qab.16.2012.01.02.16.04.38 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 02 Jan 2012 16:04:39 -0800 (PST)
From: RJ Atkinson <rja.lists@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: Mon, 02 Jan 2012 19:04:37 -0500
Message-Id: <51F52A9C-C160-4E5A-A250-1805B96411C0@gmail.com>
To: IPsec ME WG List <ipsec@ietf.org>
Mime-Version: 1.0 (Apple Message framework v1251.1)
X-Mailer: Apple Mail (2.1251.1)
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Jan 2012 00:04:41 -0000

Earlier, Dan Harkins wrote, in part:
> Honestly, if a WG is not paying attention to RFC 4301,
> then what makes you think they're gonna pay attention 
> to a random individual submission ?
> 
> I don't have any particular love for AH but this effort 
> is really lacking in one thing: a problem to solve. 
> 
> On the one hand, we're being told that the effort is 
> necessary because WGs developing a "standard for protocol foo" 
> need to be instructed on how to obtain integrity protection,
> but we're also being told that discouraging AH is OK 
> because no one (in NANOG) is using it and it's a MAY anyway. 
> 
> These seem to be somewhat contradictory to me --
> either no one's using it and we have a solution 
>        in search of a problem;
> or, someone's using it and it would probably be a problem
>     to restrict its use in the future.

+1

v2.23.0 | Report a Bug | By Email