nanog mailing list archives

Re: AH is pretty useless and perhaps should be deprecated


From: Joel Jaeggli <joelja () bogus com>
Date: Mon, 16 Nov 2009 15:17:29 +0900



Bill Fehring wrote:
> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja () bogus com> wrote:
>> Owen DeLong wrote:
>>> I've never seen anyone use AH vs. ESP.
>> OSPFv3?
>
> Maybe I'm asking a dumb question, but why would one prefer AH over ESP
> for OSPFv3?

Header protection... still doesn't provide replay protection, your
mileage may vary

http://tools.ietf.org/html/draft-ietf-opsec-routing-protocols-crypto-issues-02

> RFC4552:
> "In order to provide authentication to OSPFv3, implementations MUST
> support ESP and MAY support AH."
>
> -Bill


