Re: NATs *ARE* evil!

 In your previous mail you wrote:

   While I wouldn't go quite that far, I've been saying for years that the 
   IP header doesn't need any authentication if we have IPsec.

=> this is not true for IPv6 extension headers or IPv4 options.

   ... in a note explaining why I thought AH was useless

=> you can argue this for IPv4, not for IPv6 where extension headers
are really used. Many times some of us tried to remove AH, many times
we vote to keep it: this topics should be in the "oh not this again" list
of IETF and IPsec mailing lists.

Regards

Francis(_dot_)Dupont(_at_)enst-bretagne(_dot_)fr

PS: "NATs are evil" should be in too (:-)!

<Prev in Thread]	Current Thread	[Next in Thread>
*Re: NATs ARE* evil!*, (continued)* *Re: NATs ARE* evil!*, Steven M. Bellovin* *Re: NATs ARE* evil!*, Daniel Senie* *Re: NATs ARE* evil!*, Perry E. Metzger* *Re: NATs ARE* evil!*, Sean Doran* *Re: NATs ARE* evil!*, Kevin Farley* *Re: NATs ARE* evil!*, Tony Dal Santo* *Re: NATs ARE* evil!*, Jeffrey Altman* *Re: NATs ARE* evil!*, Geoff Huston* *Re: NATs ARE* evil!*, J. Noel Chiappa* *Re: NATs ARE* evil!*, Steven M. Bellovin* *Re: NATs ARE* evil!*, Francis Dupont* <= *Re: NATs ARE* evil!*, Sean Doran* *Re: NATs ARE* evil!*, Keith Moore* *Re: NATs ARE* evil!*, Kai Henningsen* *Re: NATs ARE* evil!*, Steven M. Bellovin* *Re: NATs ARE* evil!*, Matt Holdrege* *Re: NATs ARE* evil!*, Sean Doran* *Re: NATs ARE* evil!*, Fred Baker* *Re: NATs ARE* evil!*, Keith Moore* *Re: NATs ARE* evil!*, V Guruprasad* *Re: NATs ARE* evil!*, Sean Doran*

Previous by Date:	Re: naming, Sean Doran
Next by Date:	Re: IETF logistics, Frank Kastenholz
Previous by Thread:	*Re: NATs ARE* evil!*, Steven M. Bellovin*
Next by Thread:	*Re: NATs ARE* evil!*, Sean Doran*
Indexes:	[Date] [Thread] [Top] [All Lists]