Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

2017-08-11 Thread Dang, Quynh (Fed) 
I think that would be a very useful document.


Quynh.


From: Paul Wouters <p...@nohats.ca>
Sent: Friday, August 11, 2017 11:05:59 AM
To: Dang, Quynh (Fed)
Cc: ipsec@ietf.org
Subject: Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

On Fri, 11 Aug 2017, Dang, Quynh (Fed) wrote:

> In RFC 7321, we basically said that ESP is preferred over AH. However, that 
> recommendation is not in the current RFC7321bis.
>
> Was that an accidental mistake or because people using AH wanted to remove 
> that recommendation ?

Daniel already responded, but let me add that I'd be happy if the WG
decides to write a a draft-ipsecme-ah-ipcomp-diediedie :)

Paul
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

2017-08-11 Thread Paul Wouters 

On Fri, 11 Aug 2017, Dang, Quynh (Fed) wrote:


In RFC 7321, we basically said that ESP is preferred over AH. However, that 
recommendation is not in the current RFC7321bis.

Was that an accidental mistake or because people using AH wanted to remove that 
recommendation ?


Daniel already responded, but let me add that I'd be happy if the WG
decides to write a a draft-ipsecme-ah-ipcomp-diediedie :)

Paul

___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

Re: [IPsec] Preference of ESP over AH in RFC7321bis question.

2017-08-11 Thread Daniel Migault 
Hi Dang,

My understanding is that the usage of AH vs ESP is outside the scope of
recommendations mandatory to implement cryptography. It is mostly a usage
concern. In my view AH and ESP are both mandatory to be implemented and
RFC7321bis limits its scope to the crypto recommendations.


Do you refer to the following text in section 3:

"""

 The IPsec community
   generally prefers ESP with NULL encryption over AH.
"""

Yours,

Daniel


On Fri, Aug 11, 2017 at 10:12 AM, Dang, Quynh (Fed) 
wrote:

> Hi all,
>
>
> In RFC 7321, we basically said that ESP is preferred over AH. However,
> that recommendation is not in the current RFC7321bis.
>
>
> Was that an accidental mistake or because people using AH wanted to remove
> that recommendation ?
>
>
> Thank you,
>
> Quynh.
>
> ___
> IPsec mailing list
> IPsec@ietf.org
> https://www.ietf.org/mailman/listinfo/ipsec
>
>
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec

[IPsec] Preference of ESP over AH in RFC7321bis question.

2017-08-11 Thread Dang, Quynh (Fed) 
Hi all,


In RFC 7321, we basically said that ESP is preferred over AH. However, that 
recommendation is not in the current RFC7321bis.


Was that an accidental mistake or because people using AH wanted to remove that 
recommendation ?


Thank you,

Quynh.
___
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec