I'd like to add a voice of support to this draft. AH adds little except complication to IPsec implementations and confusion to end users.
Regarding IPv4 NATs, they are ubiquitous and will become more so once IPv4 scarcity is realised worldwide (particularly in Asia, which is currently the fastest growing global region and has already reached RIR exhaustion). There was a previous comment about this draft about the NAT/AH issue being a NAT problem rather than an AH problem. Well, yeah, in the purest sense this is true, but we live in the real world and need to work within its limitations. You can apply fixups and ALGs to lots of protocols which are NAT sensitive, but AH is cryptographically incompatible with NAT and this cannot be fixed.

I see little value in the IETF formally supporting a protocol which simply cannot work for most end users on the basis of the access addressing provided. Formal deprecation / designation to historic status is appropriate in this case.

Also +1 to the following arguments:

- ESP + NULL == substantially equivalent
- less mailing list chatter

Nick
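To illustrate the "cryptographically incompatible with NAT" point made above, here is an added example (not from the thread or from any IPsec implementation) that models the difference in ICV coverage between AH and ESP over a minimal IPv4 header. The key, addresses and payloads are constructed demo values; the header omits length and checksum computation since only field coverage matters here.

```python
import hmac
import hashlib
import struct

# Constructed demo values, not taken from the original thread.
SA_KEY = b"constructed-demo-sa-key"
PRIVATE_SRC, NAT_PUBLIC_SRC, PEER_DST = "10.0.0.5", "203.0.113.7", "198.51.100.2"


def ipv4_header(src, dst, proto, ttl=64):
    """Minimal 20-byte IPv4 header; total length and checksum left zero for the demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0,
                       bytes(int(o) for o in src.split(".")),
                       bytes(int(o) for o in dst.split(".")))


def ah_icv(ip_hdr, payload):
    """AH (RFC 4302): the ICV covers the IP header with only the mutable fields
    zeroed. Source and destination addresses are immutable, so they are signed."""
    h = bytearray(ip_hdr)
    h[1] = 0                # DSCP/ECN
    h[6:8] = b"\x00\x00"    # flags / fragment offset
    h[8] = 0                # TTL
    h[10:12] = b"\x00\x00"  # header checksum
    return hmac.new(SA_KEY, bytes(h) + payload, hashlib.sha256).digest()[:16]


def esp_icv(esp_packet):
    """ESP (RFC 4303): the ICV covers only the ESP header and payload, never the outer IP header."""
    return hmac.new(SA_KEY, esp_packet, hashlib.sha256).digest()[:16]


def nat_rewrite_src(ip_hdr, new_src):
    """Source NAT as seen on the wire: the source address field is replaced."""
    return ip_hdr[:12] + bytes(int(o) for o in new_src.split(".")) + ip_hdr[16:]


def ah_survives_nat(payload=b"constructed inner datagram"):
    sent_hdr = ipv4_header(PRIVATE_SRC, PEER_DST, proto=51)  # 51 = AH
    icv = ah_icv(sent_hdr, payload)
    recv_hdr = nat_rewrite_src(sent_hdr, NAT_PUBLIC_SRC)     # what the peer actually receives
    return hmac.compare_digest(icv, ah_icv(recv_hdr, payload))


def esp_survives_nat(esp_packet=b"constructed ESP header+ciphertext"):
    sent_hdr = ipv4_header(PRIVATE_SRC, PEER_DST, proto=50)  # 50 = ESP
    icv = esp_icv(esp_packet)
    nat_rewrite_src(sent_hdr, NAT_PUBLIC_SRC)                # address change does not touch ICV input
    return hmac.compare_digest(icv, esp_icv(esp_packet))


if __name__ == "__main__":
    print("AH ICV verifies after NAT:", ah_survives_nat())    # False
    print("ESP ICV verifies after NAT:", esp_survives_nat())  # True
```

No ALG can help here: the NAT would need the SA key to recompute the AH ICV, which is exactly what the peer-to-peer integrity guarantee forbids.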
