Hi Eric,

> +       Note that RFC 8221 considers AH itself to be "NOT RECOMMENDED".  It is
> +       better to use ESP only, using an AEAD cipher such as AES-GCM.
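
Review bot: The "NOT RECOMMENDED" claim on the first added line cites RFC 8221 without a section, and the wording "AH itself" fixes the scope of that keyword. Please reference the RFC section the statement comes from and match its wording, so readers of the help text can check whether the keyword applies to AH alone or to a particular way of using it.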

What's NOT RECOMMENDED according to the RFC is the combination of ESP+AH
(i.e. use ESP only for confidentiality and AH for authentication), not
AH by itself (although the RFC keeps ENCR_NULL as a MUST because ESP
with NULL encryption is generally preferred over AH due to NATs).

Regards,
Tobias
