[Cryptography] Two quick questions about IPsec AH

William Allen Simpson william.allen.simpson at gmail.com
Wed Jan 5 13:06:01 EST 2022


On 1/4/22 5:37 PM, Perry E. Metzger wrote:
> On 1/4/22 14:01, Dan McDonald wrote:

>> Both AH and ESP were originally designed as part of the IPng effort (SIP, then SIPP, then IPv6 in NRL's case), but AH and ESP were the first IPng features to be backported to IPv4.  They were NOT the last, however.
> 

As another example, Mobile IP was originally designed for SIP[P] IPv6, and
backported to IPv4 after an interim meeting at Qualcomm.  Karn and I then
incorporated PPP, IPv4, and Mobile IPv4 into CTIA IS-99 (CDMA cellphones).

Rough consensus and running code.


> Bill Simpson has discussed the history of this in another message, but yes, I think all of that was the result of backporting.
> 
> As I remember, during the big hallway meeting in Toronto during which IPsec was largely hashed out, there was a point where Ran Atkinson (with near glee) noted that we'd steered ourselves to precisely the design decisions that had led him to the corresponding designs from IPv6, which we then more or less broke down and formally absorbed.
> 

That hallway BoF was in July 1994.  Again, an indication of the official IPsec WG
dysfunction.  Yet the IESG's chosen chair was unwilling to accept the IPv6 effort,
even though we had running code.  At the next meeting in San Jose, he promised his
drafts would be ready in a month.  Didn't happen.  That's why Perry called me.

A good thing, in retrospect.  We'd thought Simpler IP Plus (SIPP) with 64-bit
addresses and integrated Autonomous System Numbers would have been widely deployed
in a few years.  Instead, after the IESG's 128-bit debacle, we still don't have
widespread IPv6 deployment.  If not for the backport to IPv4, IPsec would be
totally irrelevant.  As opposed to marginally relevant today.

