It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at list of Internet-Draft Shadow Directories can be accessed at Abstract The Security Considerations sections of many Internet Drafts say, in effect, "just use IPsec".
Also, IPsec's replay protection mechanisms are not available if manual key management is used.
One automated key exchange mechanism is available, Internet Key Exchange (IKE) [RFC2409].
Finally, ESP can be used to provide confidentiality alone, although this is not recommended [Bell96].
The difference in integrity protection offered by AH is that AH protects portions of the preceding IP header, including the source and destination address.
A new, simpler version of IKE is currently being designed.
A second mechanism, Kerberized Internet Negotiation of Keys (KINK) [KINK], is being defined.
Even if it is available, it may not provide the proper granularity of protection.
Finally, if it is available and appropriate, the document mandating it needs to specify just how it is to be used.
Note that other groups may also distribute working documents as Internet- Drafts.