I don't understand why this discussion is needed. AH is end-to-end, and the transformations to be used for the connection are negotiated with key negotiation and configured policies.
If end points don't want to use AH for whatever reason (like not implemented), they are not asking for it. If end points decide to use it, they have it implemented, it is their business and it should be irrelevant for any intermediate node (for deep obnoxious packet inspection, skipping AH is a trivial matter).
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec
