[Cryptography] Two quick questions about IPsec AH

Perry E. Metzger perry at piermont.com
Tue Jan 4 17:37:17 EST 2022 

On 1/4/22 14:01, Dan McDonald wrote:
> On Jan 3, 2022, at 10:21 PM, R Perlman <radiajpc at gmail.com> wrote:
>> 1) Is anyone using it, or are they just using ESP?
> Most use ESP.  AH was specified separately for two reasons:
>
> 1.) Easier to export if that part of the govt. got their knickers in a twist.

This was really the primary motivation. The thought was, based on things 
like the precedent of the Kerberos "Bones" release, that having 
operating systems have hooks for IPsec at all and having most of the 
machinery be exportable would mean that, if necessary, people outside 
the United States would be able to independently implement the rest. At 
this point that consideration is now long since past, but at the time 
export controls were really at the forefront of everyone's mind.

I don't think anyone at the time really thought AH was useful in and of 
itself, though we weren't particularly loud about that for obvious 
reasons, and often people produced pro forma explanations of the 
usefulness of AH on its own to justify its existence.

> 2.) It was a belief at the time (mid/early 90s) that source routing header attacks were a thing and that AH would help protect against them.  It was, in hindsight, a mistaken belief.

I suspect that, for the most part, any such belief was because it was 
convenient to believe AH had other applications given that it was 
desired for export regulation reasons.

>
>> 2) The length field in AH is expressed in units of 4 bytes, and AH in general was made to look like an IPv6 extension header, but IPv6 extension headers have the length expressed in multiples of 8 bytes.  Is there an interesting story there?
> I'd have to go through my notes... I joined NRL not long after those were specified, and I may have some historical context.  ISTR it might have something to do with making it IPv4 compatible.... yeah, as I type that, it makes more sense.
>
> Both AH and ESP were originally designed as part of the IPng effort (SIP, then SIPP, then IPv6 in NRL's case), but AH and ESP were the first IPng features to be backported to IPv4.  They were NOT the last, however.

Bill Simpson has discussed the history of this in another message, but 
yes, I think all of that was the result of backporting.

As I remember, during the big hallway meeting in Toronto during which 
IPsec was largely hashed out, there was a point where Ran Atkinson (with 
near glee) noted that we'd steered ourselves to precisely the design 
decisions that had led him to the corresponding designs from IPv6, which 
we then more or less broke down and formally absorbed.

Perry

More information about the cryptography mailing list