>>>>> "Jack" == Jack Kohn <[email protected]> writes:
Jack> We all know the different extension headers that exist in
Jack> IPv6.
Jack> You said AH helps in securing IPv6 extension headers. I want
Jack> to understand which extension header did you specifically have
Jack> in mind.
let me ask a different question: what's the savings in obsoleting AH,
given that RFC4301 already makes it optional, and many vendors have
already implemented, tested and deployed the code?
Jack> So, whats the *real* operational risk that youre looking at?
Jack> AH covers the destination IP and the source IP. If somebody
Jack> changes them, IPsec processing will fail at the SPD checks. So
Jack> what do you gain by doing this?
Jack> Again, whats the *real* gain that we get by AH?
AH works for multicast, and could work even when the receiver does not have
the key.
--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec