I don't understand why this discussion is needed.

AH is end-to-end, and the transformations to be used
for the connection are negotiated with key negotiation
and configured policies.

If end points don't want to use AH for whatever
reason (like not implemented), they are not asking for it.

If end points decide to use it, they have it implemented,
it is their business and it should be irrelevant for any
intermediate node (for deep obnoxious packet inspection,
skipping AH is a trivial matter).

_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
