On Dec 29, 2011, at 9:25 PM, Melinda Shore wrote:

> It seems to me that the NAT problem is a *NAT* problem, not an AH
> problem.

I disagree with this. Section 3.3.3.1.1.1 of RFC 4302 lists source IP address and destination IP address as immutable fields. This may be true in some idealized Internet where the end-to-end principle applies. It is definitely not true in our Internet, where NATs are everywhere.

> I'd want to hear from the wireless guys that they think
> ESP NULL is a reasonable substitute for AH, too.

I'd like to hear that as well. My company removed AH from our (non-wireless) product in 2003. We have yet to hear a complaint about this.

> More generally the only reason I can see for moving something to
> historic is if it's not implemented and the environment has changed
> sufficiently so that it probably shouldn't be implemented.

The environment has changed since 1995. NATs are ubiquitous now.

> Don't think
> AH is there yet and I don't think it's a win to push more stuff into
> the publication queue. I'm not really against this but I'm definitely
> not in support of it.

I think it is a win to reduce the number of ways to accomplish the same goal. That is why I was opposed to the publication of RFC 6467. It encourages having multiple password methods. That is why the scep draft has an intended status of "historic", even though I would guess that SCEP is more widely implemented and deployed than both the standards-track protocols combined. Moving AH to historic can point implementers and other working groups in a single direction.

Yoav
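The immutable-field point above, as an added illustration that is not part of this thread or of any IPsec implementation: a simplified model of how an AH receiver recomputes the ICV over an IPv4 base header, zeroing the RFC 4302 mutable fields (DSCP/ECN, flags, fragment offset, TTL, header checksum) and covering the addresses as sent. HMAC-SHA256, the fixed key, the addresses and the omission of IP options and the AH header itself are assumptions made to keep the model short.

```python
"""Simplified AH ICV model for an IPv4 base header (RFC 4302 3.3.3.1.1.1).

Constructed example, not code from the thread. Mutable fields are zeroed
before the ICV is computed; immutable fields, including the source and
destination addresses, are covered exactly as transmitted."""
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # placeholder SA key, not a real one
FMT = "!BBHHHBBH4s4s"           # 20-byte IPv4 base header, no options


def ipv4_header(src, dst, ttl=64, tos=0, ident=0x1234, proto=51, total_len=60):
    """Build an IPv4 base header; checksum left zero (AH zeroes it anyway)."""
    return struct.pack(FMT, 0x45, tos, total_len, ident, 0x4000, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def zero_mutable(hdr):
    """Return hdr with the RFC 4302 IPv4 mutable fields set to zero."""
    v_ihl, _tos, tlen, ident, _flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack(FMT, hdr)
    return struct.pack(FMT, v_ihl, 0, tlen, ident, 0, 0, proto, 0, src, dst)


def ah_icv(hdr, payload, key=KEY):
    """ICV over the immutable header fields plus the payload."""
    return hmac.new(key, zero_mutable(hdr) + payload, hashlib.sha256).digest()


def receiver_accepts(hdr, payload, icv, key=KEY):
    """Receiver-side check: recompute and compare in constant time."""
    return hmac.compare_digest(ah_icv(hdr, payload, key), icv)


def demo():
    """Returns (accepted after a normal hop, accepted after a NAT rewrite)."""
    payload = b"constructed payload"
    hdr = ipv4_header("10.0.0.5", "203.0.113.9", ttl=64)
    icv = ah_icv(hdr, payload)
    # A router decrementing TTL leaves the ICV valid: TTL is mutable.
    after_hop = ipv4_header("10.0.0.5", "203.0.113.9", ttl=63)
    # A NAT rewriting the source address invalidates it: the address is immutable.
    after_nat = ipv4_header("198.51.100.1", "203.0.113.9", ttl=63)
    return (receiver_accepts(after_hop, payload, icv),
            receiver_accepts(after_nat, payload, icv))
```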
