IETF Logo Mail Archive

Re: [IPsec] Avoiding Authentication Header (AH)

"Dan Harkins" <dharkins@lounge.org> Thu, 05 January 2012 16:23 UTC

Return-Path: <dharkins@lounge.org>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 411DD21F8667 for <ipsec@ietfa.amsl.com>; Thu, 5 Jan 2012 08:23:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.66
X-Spam-Level:
X-Spam-Status: No, score=-4.66 tagged_above=-999 required=5 tests=[AWL=-0.695, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, MANGLED_TOOL=2.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NWytHP3P3lhJ for <ipsec@ietfa.amsl.com>; Thu, 5 Jan 2012 08:23:00 -0800 (PST)
Received: from colo.trepanning.net (colo.trepanning.net [69.55.226.174]) by ietfa.amsl.com (Postfix) with ESMTP id 9179321F863C for <ipsec@ietf.org>; Thu, 5 Jan 2012 08:22:55 -0800 (PST)
Received: from www.trepanning.net (localhost [127.0.0.1]) by colo.trepanning.net (Postfix) with ESMTP id 3AEC7A88810C; Thu, 5 Jan 2012 08:22:54 -0800 (PST)
Received: from 69.12.173.8 (SquirrelMail authenticated user dharkins@lounge.org) by www.trepanning.net with HTTP; Thu, 5 Jan 2012 08:22:54 -0800 (PST)
Message-ID: <8ddf32c400110c28909960366274f61f.squirrel@www.trepanning.net>
In-Reply-To: <20229.45642.477101.356308@fireball.kivinen.iki.fi>
References: <7C362EEF9C7896468B36C9B79200D8350D028A2953@INBANSXCHMBSA1.in.alcatel-lucent.com> <6442.1325686562@marajade.sandelman.ca> <7C362EEF9C7896468B36C9B79200D8350D028A2AE5@INBANSXCHMBSA1.in.alcatel-lucent.com> <4F05197A.9090505@ieca.com> <7C362EEF9C7896468B36C9B79200D8350D028A2C92@INBANSXCHMBSA1.in.alcatel-lucent.com> <20229.45642.477101.356308@fireball.kivinen.iki.fi>
Date: Thu, 05 Jan 2012 08:22:54 -0800
From: Dan Harkins <dharkins@lounge.org>
To: Tero Kivinen <kivinen@iki.fi>
User-Agent: SquirrelMail/1.4.14 [SVN]
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: "ipsec@ietf.org" <ipsec@ietf.org>, "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 16:23:01 -0000

On Thu, January 5, 2012 6:23 am, Tero Kivinen wrote:
> Bhatia, Manav (Manav) writes:
[snip]
>> If a WG ends up mandating AH (when ESP could have been used) then
>> Yes it's a problem for everyone, right from the vendors to the
>> users, who have to now support AH too in their products and
>> networks.
>
> If WG wants to mandate AH, and we cannot convince them otherwise,
> having a document which says so does not help. On the other hand if we
> have stealth WG trying to sneak AH past IPsec community, I think they
> will also conviently ignore this document too.
>
> In summary I do not think there is problem, and I do not think we need
> to say anything about AH right now.

  Indeed! I agree 100%. Me too. +1. Etc.

  Dan.

v2.23.0 | Report a Bug | By Email