On Fri, Jan 02, 2026 at 13:24:51 +0100, Steffen Klassert wrote:
> On Thu, Jan 01, 2026 at 06:13:17AM +0000, Blumenthal, Uri - 0553 - MITLL wrote:
> > >> Do you remember why consensus wasn't reached? Unless there's a good
> > >> reason, I would like to remove support for AH from Linux.
> > >
> > > The people thought they had good reasons.
> >
> > Not a good argument - nobody (normally) argues believing his reasons are
> > bad. The real reasons for AH existence have died long ago - and I’ve been
> > there when AH was initially created, so yes I do know.
> >
> > > There were various use cases and saving bytes compared to esp-null
> > > mattered.
> >
> > No valid use cases now, AFAIK - and while saving bytes might make some
> > sense, I’d say - not in this case.
>
> Some people still use it because it authenticates the constant
> fields of the outer IP header, this can't be done with ESP.

UEC, TSS has some ideas to authenticate parts of IP headers, namely source address and destination address. So I think there is interest in AH-like ideas, not that fit most use cases, while Google PSP uses AES GMAC to authenticate the payload. Personally I would also like to authenticate the IPv6 "Flow Label" field along with src and dst addresses. This field can be used as a label such as CPU ID or Q id.

Tom: I wonder if adding text about AES GMAC would be useful? I propose text along the lines of:

1.1.4 Use of NULL Encryption with Authentication

An alternative to using the Authentication Header (AH) with ESP is to use ESP with NULL encryption and authentication enabled, e.g. when AEAD algorithms are used, this can be achieved with suites such as AES-GMAC [RFC4543], which provide integrity protection without confidentiality to the IPsec payload. This approach preserves ESP processing semantics while offering authentication protection only to the payload; this is only partial AH. It may be useful for operational purposes such as diagnostics or telemetry using intermediate routers, where end-to-end payload integrity is desired. Existing mechanisms such as PSP have already incorporated this model.

> > >> If no one’s using AH then the code is nothing more than a liability and
> > >> maintenance headache. Granted, we don't need formal deprecation of AH
> > >> to do that, but I would prefer to keep Linux and IETF on the same page.
> >
> > And it’s about time to turn that page over. 😉
>
> I'd be more than happy to get rid of AH in the Linux Kernel, and an
> official deprecation by the IETF would help a lot.

yes. +1

-antony

_______________________________________________
IPsec mailing list -- [email protected]
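As an added illustration, not part of the thread and not code from the IETF draft, the Linux kernel or PSP, the following constructed Python sketch makes the coverage difference discussed above concrete: the ICV of ESP with NULL encryption covers only the ESP header, payload and trailer, whereas the AH ICV also covers the outer IPv6 header with its mutable fields zeroed. HMAC-SHA256 truncated to 128 bits stands in for AES-GMAC, since the point is what the ICV covers rather than which MAC computes it; the key, addresses, SPIs and payload are all constructed. It also shows one detail bearing on the flow-label wish: RFC 4302 Appendix A classes the IPv6 Traffic Class, Flow Label and Hop Limit as mutable, so even AH zeroes the Flow Label before computing the ICV and a rewritten label passes AH verification.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed demo key (hypothetical); only ICV coverage matters here, not the MAC.
DEMO_KEY = b"constructed-demo-key-0123456789"
ICV_LEN = 16        # 128-bit ICV, as with AES-GMAC
AH_ICV_PAD = 4      # IPv6 requires the AH header to be a multiple of 8 octets


def mac(data: bytes) -> bytes:
    """HMAC-SHA256 truncated to 128 bits stands in for the AES-GMAC ICV (RFC 4543)."""
    return hmac.new(DEMO_KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def ipv6_header(src: str, dst: str, flow_label: int, next_header: int,
                payload_len: int, hop_limit: int = 64, traffic_class: int = 0) -> bytes:
    """Fixed 40-byte IPv6 base header (RFC 8200)."""
    word0 = (6 << 28) | ((traffic_class & 0xFF) << 20) | (flow_label & 0xFFFFF)
    return (struct.pack("!IHBB", word0, payload_len, next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)


def esp_null_packet(spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """ESP (RFC 4303) with NULL encryption: SPI, seq, payload, padding, trailer, ICV.
    The ICV covers everything from the SPI to the trailer and nothing outside ESP."""
    pad_len = (-(len(payload) + 2)) % 4          # align the 2-byte trailer to 4 octets
    padding = bytes(range(1, pad_len + 1))       # RFC 4303 default padding pattern
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    return body + mac(body)


def esp_icv_valid(_outer: bytes, esp: bytes) -> bool:
    """The outer header is accepted but ignored: ESP cannot authenticate it."""
    return hmac.compare_digest(mac(esp[:-ICV_LEN]), esp[-ICV_LEN:])


def _ah_zero_mutable(outer: bytes) -> bytes:
    """Outer IPv6 header as AH sees it (RFC 4302 Appendix A): Traffic Class,
    Flow Label and Hop Limit are mutable and zeroed; addresses are immutable."""
    return struct.pack("!I", 6 << 28) + outer[4:7] + b"\x00" + outer[8:]


def ah_packet(outer: bytes, spi: int, seq: int, payload: bytes, next_header: int) -> bytes:
    """AH (RFC 4302): ICV over the zeroed outer header, the AH header with its
    ICV field zeroed, and the payload. Payload Len is in 32-bit words minus 2."""
    ah_len_words = (12 + ICV_LEN + AH_ICV_PAD) // 4 - 2
    ah_wo_icv = struct.pack("!BBHII", next_header, ah_len_words, 0, spi, seq)
    icv = mac(_ah_zero_mutable(outer) + ah_wo_icv + bytes(ICV_LEN + AH_ICV_PAD) + payload)
    return ah_wo_icv + icv + bytes(AH_ICV_PAD) + payload


def ah_icv_valid(outer: bytes, ah: bytes) -> bool:
    """Recompute the AH ICV over the received outer header (mutable fields zeroed)."""
    ah_wo_icv, icv = ah[:12], ah[12:12 + ICV_LEN]
    payload = ah[12 + ICV_LEN + AH_ICV_PAD:]
    expected = mac(_ah_zero_mutable(outer) + ah_wo_icv + bytes(ICV_LEN + AH_ICV_PAD) + payload)
    return hmac.compare_digest(expected, icv)


def coverage_demo() -> dict:
    """Build one ESP-NULL and one AH packet and record which outer-header
    rewrites each integrity check accepts. All values are constructed."""
    payload = b"constructed telemetry record"
    src, dst, flow = "2001:db8::1", "2001:db8::2", 0x12345

    esp = esp_null_packet(spi=0x1000, seq=1, payload=payload, next_header=59)
    outer_esp = ipv6_header(src, dst, flow, 50, len(esp))

    ah_total = 12 + ICV_LEN + AH_ICV_PAD + len(payload)
    outer_ah = ipv6_header(src, dst, flow, 51, ah_total)
    ah = ah_packet(outer_ah, spi=0x2000, seq=1, payload=payload, next_header=59)

    tampered_esp = esp[:8] + bytes([esp[8] ^ 0x01]) + esp[9:]   # flip one payload bit
    return {
        "esp_accepts_rewritten_dst": esp_icv_valid(
            ipv6_header(src, "2001:db8::dead", flow, 50, len(esp)), esp),
        "esp_accepts_modified_payload": esp_icv_valid(outer_esp, tampered_esp),
        "ah_accepts_unmodified": ah_icv_valid(outer_ah, ah),
        "ah_accepts_rewritten_dst": ah_icv_valid(
            ipv6_header(src, "2001:db8::dead", flow, 51, ah_total), ah),
        "ah_accepts_rewritten_flow_label": ah_icv_valid(
            ipv6_header(src, dst, 0x54321, 51, ah_total), ah),
        "ah_accepts_decremented_hop_limit": ah_icv_valid(
            ipv6_header(src, dst, flow, 51, ah_total, hop_limit=63), ah),
    }


if __name__ == "__main__":
    for name, accepted in coverage_demo().items():
        print(f"{name}: {accepted}")
```

The dictionary from coverage_demo() shows the asymmetry in one place: ESP-NULL rejects a modified payload but accepts a rewritten destination address, while AH rejects the rewritten address yet accepts a rewritten Flow Label or a decremented Hop Limit. On Linux, an ESP SA of this kind is configured with the kernel's `rfc4543(gcm(aes))` AEAD name in `ip xfrm state`, whose key material includes the 4-byte salt after the AES key.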
