nanog mailing list archives
Re: AH is pretty useless and perhaps should be deprecated
From: Merike Kaeo <kaeo () merike com>
Date: Fri, 13 Nov 2009 21:09:42 -0800
If I recall correctly what an implementor once told me, the work involved in taking the fields that are immutable, then hashing packet, then sticking those immutable fields back in is actually more work than encrypting. Surprised me at the time but seems to be the case.
- merike On Nov 13, 2009, at 7:09 PM, sfouant () shortestpathfirst net wrote:
I've seen some vendor implementations in which ESP actually outperformed AH during performance testing... go figure...Stefan Fouant ------Original Message------ From: Jack Kohn To: nanog () nanog org Subject: AH is pretty useless and perhaps should be deprecated Sent: Nov 13, 2009 7:22 PM Hi, Interesting discussion on the utility of Authentication Header (AH) in IPSecME WG. http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html Post explaining that AH even though protecting the source and destination IP addresses is really not good enough. http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html What do folks feel? Do they see themselves using AH in the future? IMO, ESP and WESP are good enough and we dont need to support AH any more .. Jack Sent from my Verizon Wireless BlackBerry
Current thread:
- Re: AH is pretty useless and perhaps should be deprecated, (continued)
- Re: AH is pretty useless and perhaps should be deprecated Steven Bellovin (Nov 16)
- Re: AH is pretty useless and perhaps should be deprecated David Barak (Nov 16)
- RE: AH is pretty useless and perhaps should be deprecated Adam Stasiniewicz (Nov 14)
- Re: AH is pretty useless and perhaps should be deprecated Steven Bellovin (Nov 14)
- Re: AH is pretty useless and perhaps should be deprecated David Barak (Nov 14)
- Re: AH is pretty useless and perhaps should be deprecated Steven Bellovin (Nov 14)
- Re: AH is pretty useless and perhaps should be deprecated Marshall Eubanks (Nov 15)
- Re: AH is pretty useless and perhaps should be deprecated Steven Bellovin (Nov 14)
- Re: AH is pretty useless and perhaps should be deprecated Merike Kaeo (Nov 15)
- Re: AH is pretty useless and perhaps should be deprecated Merike Kaeo (Nov 13)