[Cryptography] Two quick questions about IPsec AH

Christian Huitema huitema at huitema.net
Fri Jan 7 00:05:35 EST 2022


On 1/6/2022 6:42 AM, Phillip Hallam-Baker wrote:
> +1 to the rest of the discussion, but I want to go back to the original
> question:
>
> On Tue, Jan 4, 2022 at 1:33 AM R Perlman <radiajpc at gmail.com> wrote:
>
>> 1) Is anyone using it, or are they just using ESP?
>>
> I am not sure whether AH is being used, but I rather suspect that it is not
> because of some other design decisions in IPSEC.
>
> IPSEC as specified in the RFCs was simply unusable because it didn't work
> through NAT. The IPSEC authentication included the source address and that
> caused connections to fail through NAT boxes.
>
> I remember sitting in an IPSEC meeting at the Dallas IETF and hearing the
> AD call this 'a feature'. The notion at the time being that NAT was evil
> and it was a good thing if IPSEC didn't work with NAT. That was the first
> time I had heard of NAT (I connected through dialup at home). I went out
> and bought a NAT box the next week so we could share a single telephone
> line and save $30 a month.

Definitely an issue. AH does not work with NAT. ESP mode is better,
because it does work with some NAT -- those that have been upgraded to
support it. But then, not all NATs have been, so in practice we end up
with IPSEC over UDP (RFC 3948), or even SSL VPN.

But yes, I remember long discussions about deployment in environments
where encrypting the payload was not desirable, and it ends up being
simpler to use ESP with an AUTH-only algorithm than to use AH.

-- Christian Huitema
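The following is an added illustration of the point both posters make, not code from the thread: AH's integrity check value (ICV) is computed over the IP header with only the mutable fields zeroed, so the source address is covered and a NAT rewrite invalidates it, while ESP's ICV covers only the ESP header, payload and trailer, so the outer IP header can be rewritten freely. The key, addresses, SPI and payload are constructed for the demo; the IPv4 header checksum is left at zero and options are omitted to keep the packet builders short.

```python
"""
Constructed demo: why AH breaks across NAT while ESP (here with NULL
encryption and HMAC integrity only) survives it. Field coverage follows
RFC 4302 (AH) and RFC 4303 (ESP); everything else is simplified.
"""
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-integrity-key"   # not a real SA key
PROTO_ESP, PROTO_AH, PROTO_UDP = 50, 51, 17
ICV_LEN = 16                              # HMAC-SHA-256-128 truncation


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left at zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, 0x1234, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero the fields AH treats as mutable: DSCP/ECN, flags, TTL, checksum.
    Source and destination addresses stay in place: AH authenticates them."""
    h = bytearray(ip_hdr)
    h[1] = 0                 # DSCP / ECN
    h[6] &= 0x1F             # flags (fragment offset bits are kept)
    h[8] = 0                 # TTL
    h[10:12] = b"\x00\x00"   # header checksum
    return bytes(h)


def _mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def ah_icv(ip_hdr: bytes, ah_hdr: bytes, inner: bytes) -> bytes:
    # ICV is computed with the ICV field itself set to zero.
    return _mac(zero_mutable(ip_hdr) + ah_hdr + bytes(ICV_LEN) + inner)


def ah_build(src: str, dst: str, spi: int, seq: int, inner: bytes) -> bytes:
    ah_len = 12 + ICV_LEN
    # next header, payload len (32-bit words minus 2), reserved, SPI, sequence
    ah_hdr = struct.pack("!BBHII", PROTO_UDP, ah_len // 4 - 2, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, PROTO_AH, ah_len + len(inner))
    return ip_hdr + ah_hdr + ah_icv(ip_hdr, ah_hdr, inner) + inner


def ah_verify(pkt: bytes) -> bool:
    ip_hdr, rest = pkt[:20], pkt[20:]
    ah_hdr, icv, inner = rest[:12], rest[12:12 + ICV_LEN], rest[12 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(ip_hdr, ah_hdr, inner))


def esp_build(src: str, dst: str, spi: int, seq: int, inner: bytes) -> bytes:
    esp_hdr = struct.pack("!II", spi, seq)
    pad_len = (-(len(inner) + 2)) % 4          # align trailer to 4 bytes
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, PROTO_UDP])
    body = esp_hdr + inner + trailer           # NULL encryption: payload in clear
    ip_hdr = ipv4_header(src, dst, PROTO_ESP, len(body) + ICV_LEN)
    return ip_hdr + body + _mac(body)          # outer IP header is NOT covered


def esp_verify(pkt: bytes) -> bool:
    body, icv = pkt[20:-ICV_LEN], pkt[-ICV_LEN:]
    return hmac.compare_digest(icv, _mac(body))


def forward_hop(pkt: bytes) -> bytes:
    """What an ordinary router does: decrement TTL only."""
    h = bytearray(pkt[:20])
    h[8] -= 1
    return bytes(h) + pkt[20:]


def nat_rewrite(pkt: bytes, new_src: str) -> bytes:
    """What a source NAT does: rewrite the source address (plus a hop)."""
    h = bytearray(forward_hop(pkt)[:20])
    h[12:16] = ipaddress.IPv4Address(new_src).packed
    return bytes(h) + pkt[20:]


def demo() -> dict:
    inner = b"constructed UDP datagram"
    ah = ah_build("10.0.0.5", "198.51.100.7", 0x1000, 1, inner)
    esp = esp_build("10.0.0.5", "198.51.100.7", 0x2000, 1, inner)
    return {
        "ah_after_router": ah_verify(forward_hop(ah)),       # True: TTL is mutable
        "ah_after_nat": ah_verify(nat_rewrite(ah, "203.0.113.9")),   # False
        "esp_after_nat": esp_verify(nat_rewrite(esp, "203.0.113.9")),  # True
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'ICV mismatch'}")
```

The `forward_hop` case is included to show that the mutable-field zeroing does its job for ordinary routing: AH survives a TTL decrement, and it is specifically the address rewrite that breaks it. The ESP packet still would not traverse a NAT that cannot map protocol 50 to a port, which is why RFC 3948's UDP encapsulation exists; that is a NAT-table problem, not an integrity-check one.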