AH is pretty useless and perhaps should be deprecated

Thomas Maufer tmaufer at gmail.com
Sat Nov 14 18:59:57 UTC 2009

I prefer letting the market deprecate things. If no one uses AH, someday the
IETF can mark it as "Historic," but long before that there will come a time
when no one is interested in doing any more work on it. I was at the IETF
IPsec WG meeting (in Los Angeles in the mid-90s) when AH would have died
except once Microsoft strongly endorsed it, everyone else took the anti-MSFT
viewpoint. Also, don't confuse "almost no one uses" for "no one uses" -- if
AH is useful for someone, there is no harm in having a spec that tells them
how to do it, and hopefully that spec is well written such that they can
interoperate with other implementations.

AH is less efficient than ESP because you have to buffer a whole packet
prior to calculating the Integrity Check Value that goes in the AH [header],
which goes at the front. The calculations you have to do involve parts of
the packet that are both before and after the AH [header], including the
packet's payload. Once you calculate the Integrity Check Value (ICV) you
then stuff it in the appropriate part of the AH and send the packet.

ESP's cryptographic goodness is appended at the end (and the packet is
encrypted up until that point), and you can be doing a running cryptographic
algorithm as the packet is streamed out (encrypted after the IP header and
ESP header), then append the right amount of padding and the ESP "trailer"
at the end.

This site has some nice graphical depictions of AH and ESP (including the
tunnel-mode vs. transport-mode that I didn't touch on:


On Fri, Nov 13, 2009 at 18:27, Jack Kohn <kohn.jack at gmail.com> wrote:

> So who uses AH and why?
> Jack
> On Sat, Nov 14, 2009 at 6:19 AM, Owen DeLong <owen at delong.com> wrote:
> > I've never seen anyone use AH vs. ESP.  I've always used ESP and so has
> > every other IPSEC implementation I've seen anyone do.
> >
> > Owen
> >
> > On Nov 13, 2009, at 4:22 PM, Jack Kohn wrote:
> >
> >> Hi,
> >>
> >> Interesting discussion on the utility of Authentication Header (AH) in
> >> IPSecME WG.
> >>
> >> http://www.ietf.org/mail-archive/web/ipsec/current/msg05026.html
> >>
> >> Post explaining that AH even though protecting the source and
> >> destination IP addresses is really not good enough.
> >>
> >> http://www.ietf.org/mail-archive/web/ipsec/current/msg05056.html
> >>
> >> What do folks feel? Do they see themselves using AH in the future?
> >> IMO, ESP and WESP are good enough and we dont need to support AH any
> >> more ..
> >>
> >> Jack
> >
> >

More information about the NANOG mailing list