If ESP and AH continue to co-exist then I see the following happening:

(i) standard for feature foo1 using ESP-NULL + SW effort + QA effort + interop effort
(ii) standard for feature foo1 using AH + SW effort + QA effort + interop effort
(iii) standard for feature foo2 using ESP-NULL + SW effort + QA effort + interop effort
(iv) standard for feature foo2 using AH + SW effort + QA effort + interop effort
...
(iii) standard for feature foo'n' using ESP-NULL + SW effort + QA effort + interop effort
(iv) standard for feature foo'n' using AH + SW effort + QA effort + interop effort
Now, I am willing to live with this if the security offered by AH and
ESP-NULL is significantly different. I don't see why we should have
this complication if ESP-NULL can do everything that AH has to offer.
Why should the operators learn to manage ESP and AH when both do the
same?
RFC 4301, by declaring ESP as a MUST and AH as a MAY, has already set
the context. I don't see why vendors and everybody else in the food
chain should spend cycles on AH if it's not bringing anything
substantial to the table.
I don't think the draft in question says that AH is bad and should be
deprecated. It merely says that WGs should be circumspect when
mandating AH since it's likely that most people are using ESP-NULL and
you don't want to unnecessarily add complexity to people's lives for no
good reason.
Sriram
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec