Hi Marc,

We don't say that. 4301 says that implementations MAY support AH and MUST support ESP. This creates a problem for implementations if in future a new application or a protocol mandates the use of AH.

I will even go a step further and say that newer protocols should just assume ESP-NULL and not even bother with AH if they can do with just ESP.

Cheers, Manav

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Wednesday, January 04, 2012 7:46 PM
To: Bhatia, Manav (Manav)
Cc: Nico Williams; [email protected]
Subject: Re: [IPsec] Avoiding Authentication Header (AH)

>>>>> "Manav" == Manav Bhatia <Bhatia> writes:

Manav> Hi Nico,

>> Advising (and updating said advice as circumstances change)
>> use-IPsec protocol designers as to when to use ESP and/or AH is
>> something we should do. Deprecating AH seems like a nice idea,
>> but if there's good reasons to still use it, then maybe not.

Manav> We're not talking about deprecating or killing AH. I concede
Manav> that I did allude to it in my first draft, but then changed
Manav> the tone based on the WG feedback, to say that we should
Manav> "avoid" AH wherever possible.

This is the status quo already. Why do we need this draft?

--
] He who is tired of Weird Al is tired of life! | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] [email protected] http://www.sandelman.ottawa.on.ca/ |device driver[
Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
then sign the petition.
