nanog mailing list archives
Re: AH is pretty useless and perhaps should be deprecated
From: Jack Kohn <kohn.jack () gmail com>
Date: Tue, 17 Nov 2009 05:53:39 +0530
I read the draft and it's very interesting. There were some issues that I had never imagined could exist and it does a wonderful job of bringing them forth.

However, I still don't understand why AH would be preferred over ESP-NULL in case of OSPFv3. The draft speaks of issues with replaying the OSPF packets. One could also do these things with AH.

Am I missing something?

Jack

On Mon, Nov 16, 2009 at 11:47 AM, Joel Jaeggli <joelja () bogus com> wrote:
> Bill Fehring wrote:
>> On Sun, Nov 15, 2009 at 20:48, Joel Jaeggli <joelja () bogus com> wrote:
>>> Owen DeLong wrote:
>>>> I've never seen anyone use AH vs. ESP.
>>> OSPFv3?
>> Maybe I'm asking a dumb question, but why would one prefer AH over ESP for OSPFv3?
> Header protection... still doesn't provide replay protection, your mileage may vary
> http://tools.ietf.org/html/draft-ietf-opsec-routing-protocols-crypto-issues-02
>> RFC4552: "In order to provide authentication to OSPFv3, implementations MUST support ESP and MAY support AH."
>> -Bill