[Cryptography] Two quick questions about IPsec AH

William Allen Simpson william.allen.simpson at gmail.com
Tue Jan 4 15:39:55 EST 2022


On 1/3/22 10:21 PM, R Perlman wrote:
> 1) Is anyone using it, or are they just using ESP?
> 
> 2) The length field in AH is expressed in units of 4 bytes, and AH in general was made to look like an IPv6 extension header, but IPv6 extension headers have the length expressed in multiples of 8 bytes.  Is there an interesting story there?
> 

When we tried to have an IPsec BOF in San Diego (Mar 1992), the IAB
refused to allow it to be scheduled.  We learned that Steve Kent
intervened with staff to prevent the BoF.  So Phil Karn organized
lunch meetings, where I first met others (such as JI) who later
were the originators of this list.

When I started what became the IPv6 working group (my PIPE was the
original proposal and reserved version number 6 with IANA), I'd also
insisted that security would be a requirement.  Thus, the security
headers were all designed for IPv6.

ESP was designed first (next header 50).  AH (51) came later.  Ran
Atkinson was a major proponent of AH.

Later, after the official IPsec WG had utterly bogged down in discord,
Perry Metzger called me at home, and we backported the IPv6 drafts for
IPv4 over the holidays.

These were the *Troublemakers* drafts.

IIRC, because these were now for both IPv4 and IPv6, we had to change
the length field to match IPv4 32-bit alignment.

===

Network Working Group                                          P Metzger
Internet Draft                                               W A Simpson
expires in six months                                       January 1995


                     IPv4 Authentication Header (4AH)
                        draft-ietf-ipsec-ah-00.txt

...

Troublemakers            expires in six months                  [Page 1]

===

Network Working Group                                          P Metzger
Internet Draft                                               W A Simpson
expires in six months                                       January 1995


                IPv4 Encapsulating Security Payload (4ESP)
                       draft-ietf-ipsec-esp-00.txt

...

Troublemakers            expires in six months                  [Page 1]

    Acknowledgements

       The original text of this specification was derived from work by
       Ran Atkinson for the SIP, SIPP, and IPv6 Working Groups.

       Many of the concepts here are derived from or were influenced by
       the US Government's SP3 security protocol specification [1], the
       ISO/IEC's NLSP specification [2,5], and the proposed swIPe
       security protocol [3,4].

       The use of DES for confidentiality is closely modeled on the work
       done for SNMPv2 [7].

...

Troublemakers            expires in six months                  [Page 8]

