Re: About AH (was Re: [Errata Held for Document Update] RFC8200 (5933))

Tom Herbert <tom@herbertland.com> Tue, 03 March 2020 21:25 UTC

To: Nick Hilliard <nick@foobar.org>
Cc: Brian E Carpenter <brian.e.carpenter@gmail.com>, Michael Richardson <mcr+ietf@sandelman.ca>, "suresh.krishnan@gmail.com" <suresh.krishnan@gmail.com>, "ipv6@ietf.org" <ipv6@ietf.org>, "Eric Vyncke (evyncke)" <evyncke=40cisco.com@dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/7ND6beGTjPSEgAqMMHTOW_yTqjo>

On Tue, Mar 3, 2020 at 1:18 PM Nick Hilliard <nick@foobar.org> wrote:
>
> Brian E Carpenter wrote on 03/03/2020 21:13:
> > Exactly. Why it isn't Historic is a mystery to me, but out of scope for these WGs.
>
> it's been suggested several times on ipsec@, but the idea lacked
> consensus to move forward - the general take was that header integrity
> is still occasionally important. As an observation, SRv6 may be one of
> those situations.
>
Which seems to be the case given that SRH defines its own header
security in the form of the HMAC TLV in the header (which we have been
given no reason to believe will be any more useful or deployed than AH).

Tom

> Nick