Hi Jack

On Nov 23, 2011, at 1:24 AM, Jack Kohn wrote:

> As per RFC 4301 implementing AH is a MAY and ESP a MUST. Given that
> most of what is achieved by AH can be easily achieved by ESP-NULL, is
> there a possibility that AH may get deprecated in the future? Should
> new protocols or mechanisms be defined in IETF that depend solely upon
> AH to be supported?

Hard for us to predict what future RFCs might do.

There is no particular security problem with using AH. It lives up to its security claims, so I doubt a future RFC will actually deprecate it. Having said that, there may be a future RFC moving AH (RFC 4302) to historic.

Moving AH to historic doesn't mean that you should stop using AH right now. It only means that in the opinion of the community there are now better alternatives.

Even if such a document is adopted, it does not mean you can't bring new work to the IETF that will require or enhance AH. It just means that you will probably need to do a lot of explaining about why that is really needed. A section entitled "Why ESP-NULL is not a good option here" would do.

Yoav

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
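The integrity-coverage difference behind the "Why ESP-NULL is not a good option here" question, as an added example that is not part of the list thread: it recomputes an AH ICV (RFC 4302) and an ESP-NULL ICV (RFC 4303) for an IPv4 transport-mode packet and shows that a rewritten source address invalidates the AH ICV but not the ESP-NULL one, while a TTL decrement invalidates neither. The key, SPI, addresses and payload are constructed, and HMAC-SHA-256-128 is assumed as the integrity algorithm.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"  # constructed for this example only
ICV_LEN = 16                   # HMAC-SHA-256-128 truncation (RFC 4868)

def ipv4_header(src, dst, proto, ttl=64):
    # Minimal 20-byte IPv4 header (TOS, flags/fragment and checksum left zero).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ah_icv(ip_hdr, spi, seq, next_hdr, payload):
    # RFC 4302 3.3.3.1: mutable IPv4 fields (TOS, flags/fragment offset, TTL,
    # checksum) and the ICV field are zeroed; the MAC then covers the IP
    # header, the AH header and the payload, so the addresses are protected.
    h = bytearray(ip_hdr)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    payload_len = (12 + ICV_LEN) // 4 - 2      # AH length in 32-bit words minus 2
    ah = struct.pack("!BBHII", next_hdr, payload_len, 0, spi, seq) + b"\0" * ICV_LEN
    return hmac.new(KEY, bytes(h) + ah + payload, hashlib.sha256).digest()[:ICV_LEN]

def esp_null_icv(spi, seq, next_hdr, payload):
    # RFC 4303 2.8: the ICV covers the ESP header, payload, padding, pad length
    # and next header only; the IP header is outside the coverage.
    pad_len = (-(len(payload) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, next_hdr])
    data = struct.pack("!II", spi, seq) + payload + trailer
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]

def coverage_report(src, dst, payload, rewritten_src="192.0.2.99"):
    """Recompute each ICV as a receiver would after two in-path changes."""
    spi, seq, proto = 0x1000, 1, 17                  # constructed SA values, UDP inside
    ah_sent = ah_icv(ipv4_header(src, dst, 51), spi, seq, proto, payload)
    esp_sent = esp_null_icv(spi, seq, proto, payload)
    ah_after_nat = ah_icv(ipv4_header(rewritten_src, dst, 51), spi, seq, proto, payload)
    ah_after_hop = ah_icv(ipv4_header(src, dst, 51, ttl=63), spi, seq, proto, payload)
    esp_after_nat = esp_null_icv(spi, seq, proto, payload)  # IP header never enters the MAC
    return {
        "ah_detects_src_rewrite": not hmac.compare_digest(ah_sent, ah_after_nat),
        "ah_survives_ttl_decrement": hmac.compare_digest(ah_sent, ah_after_hop),
        "esp_null_detects_src_rewrite": not hmac.compare_digest(esp_sent, esp_after_nat),
    }

if __name__ == "__main__":
    print(coverage_report("198.51.100.1", "198.51.100.2", b"constructed payload"))
```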
