Re: [IPsec] Avoiding Authentication Header (AH)
Markku Savela <msa@moth.iki.fi> Thu, 05 January 2012 14:26 UTC
Return-Path: <msa@moth.iki.fi>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E31921F87F1 for <ipsec@ietfa.amsl.com>; Thu, 5 Jan 2012 06:26:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aB4OiEolzUGU for <ipsec@ietfa.amsl.com>; Thu, 5 Jan 2012 06:26:04 -0800 (PST)
Received: from moth.iki.fi (moth.iki.fi [212.16.111.74]) by ietfa.amsl.com (Postfix) with ESMTP id 9A08021F87CA for <ipsec@ietf.org>; Thu, 5 Jan 2012 06:26:04 -0800 (PST)
Received: from [130.188.197.233] (unknown [130.188.197.233]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: msa) by moth.iki.fi (Postfix) with ESMTPSA id E43A81E581D for <ipsec@ietf.org>; Thu, 5 Jan 2012 16:26:09 +0200 (EET)
Message-ID: <4F05B2FB.2070007@moth.iki.fi>
Date: Thu, 05 Jan 2012 16:26:03 +0200
From: Markku Savela <msa@moth.iki.fi>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Lightning/1.0b2 Thunderbird/3.1.16
MIME-Version: 1.0
To: ipsec@ietf.org
References: <12533D04-6B3F-490F-935B-4F1FA612C938@gmail.com> <7C362EEF9C7896468B36C9B79200D8350D027BB46F@INBANSXCHMBSA1.in.alcatel-lucent.com> <F1B15794-3291-4E71-BE26-A3559F408B01@gmail.com> <7C362EEF9C7896468B36C9B79200D8350D027BB484@INBANSXCHMBSA1.in.alcatel-lucent.com> <23AFA108-5B72-4CB0-8498-6CC27FC79F96@gmail.com> <CAA1nO734gfXYJLeLU9iYxoArPZJ3Xo3MsXy0Rt9zgoTciBCZbQ@mail.gmail.com> <CAK3OfOg0Gsxxf8T66XNVLHtR1Tk9yHFDGw96tr0UkEh6x5uYpQ@mail.gmail.com> <48CB2A9F-D59C-462F-8C7A-82127A217703@gmail.com> <7C362EEF9C7896468B36C9B79200D8350D028A2AE4@INBANSXCHMBSA1.in.alcatel-lucent.com> <20229.44292.629825.7429@fireball.kivinen.iki.fi>
In-Reply-To: <20229.44292.629825.7429@fireball.kivinen.iki.fi>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [IPsec] Avoiding Authentication Header (AH)
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ipsec>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 14:26:05 -0000
I don't understand why this discussion is needed. AH is end-to-end, and the transformations to be used for the connection are negotiated with key negotiation and configured policies. If end points don't want to use AH for whatever reason (like not implemented), they are not asking it. If end points decide to us it, they have it implemented, it is their business and it should be irrelevant for any intermediate node (for deep onboxious packet inspection, skipping AH is trivial matter).
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Venkatesh Sriram
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- Re: [IPsec] Avoiding Authentication Header (AH) Michael Richardson
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) RJ Atkinson
- [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] WESP and reliability RJ Atkinson
- Re: [IPsec] WESP and reliability Paul Hoffman
- Re: [IPsec] Avoiding Authentication Header (AH) Dan Harkins
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Nico Williams
- Re: [IPsec] WESP and reliability Bhatia, Manav (Manav)
- Re: [IPsec] WESP and reliability Jack Kohn
- Re: [IPsec] Avoiding Authentication Header (AH) Sean Turner
- Re: [IPsec] WESP and reliability Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Yaron Sheffer
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Markku Savela
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Tero Kivinen
- Re: [IPsec] Avoiding Authentication Header (AH) Yoav Nir
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Bhatia, Manav (Manav)
- Re: [IPsec] Avoiding Authentication Header (AH) Panos Kampanakis