[IPsec] Moving Authentication Header (AH) to Historic
"Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com> Thu, 29 December 2011 18:51 UTC
Return-Path: <manav.bhatia@alcatel-lucent.com>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id DCC6F21F8B18 for <ipsec@ietfa.amsl.com>;
Thu, 29 Dec 2011 10:51:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.544
X-Spam-Level:
X-Spam-Status: No, score=-6.544 tagged_above=-999 required=5 tests=[AWL=0.055,
BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AI4KSrvCoOuX for
<ipsec@ietfa.amsl.com>; Thu, 29 Dec 2011 10:51:46 -0800 (PST)
Received: from ihemail1.lucent.com (ihemail1.lucent.com [135.245.0.33]) by
ietfa.amsl.com (Postfix) with ESMTP id 56C1221F8AF8 for <IPsec@ietf.org>;
Thu, 29 Dec 2011 10:51:43 -0800 (PST)
Received: from inbansmailrelay2.in.alcatel-lucent.com
(h135-250-11-33.lucent.com [135.250.11.33]) by ihemail1.lucent.com
(8.13.8/IER-o) with ESMTP id pBTIpdi5014308 (version=TLSv1/SSLv3
cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <IPsec@ietf.org>;
Thu, 29 Dec 2011 12:51:42 -0600 (CST)
Received: from INBANSXCHHUB01.in.alcatel-lucent.com
(inbansxchhub01.in.alcatel-lucent.com [135.250.12.32]) by
inbansmailrelay2.in.alcatel-lucent.com (8.14.3/8.14.3/GMO) with ESMTP id
pBTIpb1C003516 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NOT) for
<IPsec@ietf.org>; Fri, 30 Dec 2011 00:21:38 +0530
Received: from INBANSXCHMBSA1.in.alcatel-lucent.com ([135.250.12.38]) by
INBANSXCHHUB01.in.alcatel-lucent.com ([135.250.12.32]) with mapi;
Fri, 30 Dec 2011 00:21:37 +0530
From: "Bhatia, Manav (Manav)" <manav.bhatia@alcatel-lucent.com>
To: "IPsec@ietf.org" <IPsec@ietf.org>
Date: Fri, 30 Dec 2011 00:21:34 +0530
Thread-Topic: Moving Authentication Header (AH) to Historic
Thread-Index: AczGWuNIu0K1AGG7T86TG4O9aPf5yg==
Message-ID: <7C362EEF9C7896468B36C9B79200D8350D027BB14E@INBANSXCHMBSA1.in.alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.57 on 135.245.2.33
Subject: [IPsec] Moving Authentication Header (AH) to Historic
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>,
<mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>,
<mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Dec 2011 18:51:47 -0000
Hi, We have had several discussions in the past about the utility of AH when ESP with NULL encryption offers everything that AH has to offer. I have written a very small draft that recommends moving AH to the Historic status. This document does NOT deprecate AH and it does NOT mean that people should stop using AH now. All it means is that other WGs should use ESP-NULL whenever defining integrity verification mechanisms and should only use AH when authentication cannot be achieved with ESP-NULL. I also discuss a few points that people usually put in favor of AH over ESP and why I think that those are not very relevant. I would love to hear feedback from the WG. The URL for the draft is: http://www.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt Happy New Year in advance! Cheers, Manav From: internet-drafts@ietf.org To: i-d-announce@ietf.org Reply-to: internet-drafts@ietf.org Subject: I-D Action: draft-bhatia-moving-ah-to-historic-00.txt X-RSN: 1/0/935/40711/44097 A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : Moving Authentication Header (AH) to Historic Author(s) : Manav Bhatia Filename : draft-bhatia-moving-ah-to-historic-00.txt Pages : 5 Date : 2011-12-29 This document recommends retiring Authentication Header (AH) and discusses the reasons for doing so. It recommends moving RFC 4302 to Historic status. A URL for this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ This Internet-Draft can be retrieved at: ftp://ftp.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt
- [IPsec] Moving Authentication Header (AH) to Hist… Bhatia, Manav (Manav)
- Re: [IPsec] Moving Authentication Header (AH) to … Melinda Shore
- Re: [IPsec] Moving Authentication Header (AH) to … Yoav Nir
- Re: [IPsec] Moving Authentication Header (AH) to … Jack Kohn
- Re: [IPsec] Moving Authentication Header (AH) to … Melinda Shore
- Re: [IPsec] Moving Authentication Header (AH) to … Venkatesh Sriram
- [IPsec] 答复: Moving Authentication Header (AH) to … Dacheng Zhang(Dacheng)
- Re: [IPsec] 答复: Moving Authentication Header (AH)… Yaron Sheffer
- Re: [IPsec] Moving Authentication Header (AH) to … david.black
- Re: [IPsec] Moving Authentication Header (AH) to … Bhatia, Manav (Manav)
- Re: [IPsec] Moving Authentication Header (AH) to … Nico Williams
- Re: [IPsec] Moving Authentication Header (AH) to … david.black
- Re: [IPsec] Moving Authentication Header (AH) to … Venkatesh Sriram
- Re: [IPsec] Moving Authentication Header (AH) to … Paul Hoffman
- Re: [IPsec] Moving Authentication Header (AH) to … Bhatia, Manav (Manav)
- Re: [IPsec] Moving Authentication Header (AH) to … Paul Hoffman
- [IPsec] Avoiding Authentication Header (AH) (was … Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) (… Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) (… Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) (… Yoav Nir
- Re: [IPsec] Moving Authentication Header (AH) to … Nico Williams