I've seen some vendor implementations in which ESP actually outperformed AH during performance testing... go figure... Stefan Fouant ------Original Message------ From: Jack Kohn To: nanog@nanog.org Subject: AH is pretty useless and perhaps should be deprecated Sent: Nov 13, 2009 7:22 PM Hi, Interesting discussion on the utility of Authentication Header (AH) in IPSecME WG. http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html Post explaining that AH even though protecting the source and destination IP addresses is really not good enough. http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html What do folks feel? Do they see themselves using AH in the future? IMO, ESP and WESP are good enough and we dont need to support AH any more .. Jack Sent from my Verizon Wireless BlackBerry