Recall that the goal is realistic, interoperable security. Specifying, as the only security mechanism, a configuration which is unavailable to -- and hence unusable by -- a majority of the user community is tantamount to saying "turn off security".
draft-bellovin-useipsec-02
Status of this Memo
This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups.
Note that other groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.
Even if it is available, it may not provide the proper granularity of protection.
Finally, if it is available and appropriate, the document mandating it needs to specify just how it is to be used.
It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at list of Internet-Draft Shadow Directories can be accessed at
Abstract
The Security Considerations sections of many Internet Drafts say, in effect, "just use IPsec".
(ESP is generally regarded as easier to implement; however, virtually all IPsec packages support both.) If confidentiality is required, ESP must be used.
It is possible to use AH in conjunction with ESP, but this combination is rarely required.
While this is sometimes correct, more often it will leave users without real, interoperable security mechanisms.