I've seen AH used as a "prove that this hasn't been through a NAT" mechanism. In this context, it's pretty much perfect.
However, what I don't understand is where the dislike for it originates: if you don't like it, don't run it. It is useful in certain cases, and it's already in all of the production IPSec implementations. Why the hate? David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
