Jack,
I would have no problem deprecating AH in the context of the IPsec
architecture document, if others agree. It is less efficient than
ESP-NULL. However, other WGs have cited AH as the IPsec protocol of
choice for integrity/authentication in their environments, so there
will be a need to coordinate with them, and it may be unacceptable to
kill AH as a standalone protocol for them.
I am not comfortable with the notion of ESP with WESP. WESP adds
more per-packet overhead than ESP, and some users are very sensitive
to this aspect of IPsec use. Also, other WGs rely on ESP and we would
need to convince them that the packet inspection features of WESP
merit making changes to their standards, which might be a tough sell.
So, I cannot support this suggestion.
Steve
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec