Hi,

We have had several discussions in the past about the utility of AH when ESP with NULL encryption offers everything that AH has to offer. I have written a very small draft that recommends moving AH to the Historic status. This document does NOT deprecate AH and it does NOT mean that people should stop using AH now. All it means is that other WGs should use ESP-NULL whenever defining integrity verification mechanisms and should only use AH when authentication cannot be achieved with ESP-NULL. I also discuss a few points that people usually put in favor of AH over ESP and why I think that those are not very relevant.

I would love to hear feedback from the WG.

The URL for the draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt

Happy New Year in advance!

Cheers, Manav

From: [email protected]
To: [email protected]
Reply-to: [email protected]
Subject: I-D Action: draft-bhatia-moving-ah-to-historic-00.txt
X-RSN: 1/0/935/40711/44097

A New Internet-Draft is available from the on-line Internet-Drafts directories.

    Title     : Moving Authentication Header (AH) to Historic
    Author(s) : Manav Bhatia
    Filename  : draft-bhatia-moving-ah-to-historic-00.txt
    Pages     : 5
    Date      : 2011-12-29

This document recommends retiring Authentication Header (AH) and discusses the reasons for doing so. It recommends moving RFC 4302 to Historic status.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

This Internet-Draft can be retrieved at:
ftp://ftp.ietf.org/internet-drafts/draft-bhatia-moving-ah-to-historic-00.txt

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
