On Mon, Jan 5, 2026 at 12:06 AM Antony Antony <[email protected]> wrote:
>
> On Fri, Jan 02, 2026 at 13:24:51 +0100, Steffen Klassert wrote:
> > On Thu, Jan 01, 2026 at 06:13:17AM +0000, Blumenthal, Uri - 0553 - MITLL
> > wrote:
> > > >> Do you remember why consensus wasn't reached? Unless there's a good
> > > >> reason, I would like to remove support for AH from Linux.
> > > >
> > > > The people thought they had good reasons.
> > >
> > >
> > > Not a good argument - nobody (normally) argues believing his reasons are
> > > bad. The real reasons for AH existence have died long ago - and I’ve been
> > > there when AH was initially created, so yes I do know.
> > >
> > >
> > > > There were various use cases and saving bytes compared to esp-null
> > > > mattered.
> > >
> > > No valid use cases now, AFAIK - and while saving bytes might make some
> > > sense, I’d say - not in this case.
> >
> > Some people still use it because it authenticates the constant
> > fields of the outer IP header; this can't be done with ESP.
>
> UEC, TSS has some ideas to authenticate parts of IP headers, namely
> source address and destination address.

It seems like it would be sufficient to include the addresses in a security
association lookup.

> So I think there is interest in AH-like ideas, not that they fit most use cases,
> while Google PSP uses AES GMAC to authenticate payload.
>
> Personally I would also like to authenticate the IPv6 "Flow Label" field along with
> src and dst addresses. This field can be used as a label such as CPU ID or Q id.

Unlikely that could be standardized. Flow label is a modifiable field (RFC6437).

>
> Tom: I wonder if adding text about AES GMAC would be useful?
> I propose text along these lines.
>
> 1.1.4 Use of NULL Encryption with Authentication
>
> An alternative to using the Authentication Header (AH) with ESP is to
> use ESP with NULL encryption and authentication enabled, e.g. when AEAD
> algorithms are used, this can be achieved with suites such as AES-GMAC
> [[RFC4543]], which provide integrity protection without confidentiality to
> the IPsec payload.
>
> This approach preserves ESP processing semantics while offering
> authentication protection only to the payload; this is only a partial AH.
> It may be useful for operational purposes such as diagnostics or
> telemetry using an intermediate router, where end-to-end payload
> integrity is desired. Existing mechanisms such as PSP have
> already incorporated this model.

Thanks, will add the text.

Tom

>
> >
> > > >> If no one’s using AH then the code is nothing more than a liability and
> > > >> maintenance headache. Granted, we don't need formal deprecation of AH
> > > >> to do that, but I would prefer to keep Linux and IETF on the same page.
> > >
> > > And it’s about time to turn that page over. 😉
> >
> > I'd be more than happy to get rid of AH in the Linux Kernel, and an
> > official deprecation by the IETF would help a lot.
>
> yes. +1
>
> -antony

_______________________________________________
IPsec mailing list -- [email protected]
To unsubscribe send an email to [email protected]
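The coverage difference Steffen raises above (AH's ICV covers the immutable outer IP fields, ESP with NULL encryption covers only its own header, payload and trailer), as an added example that is not from this thread or from any IPsec implementation. HMAC-SHA256 stands in for the ICV algorithm (a real SA would use e.g. AES-GMAC per RFC 4543); the key and packets are constructed for the demo.

```python
import hmac
import hashlib
import struct

ICV_LEN = 16
KEY = bytes(range(32))  # constructed demo key, not a real SA key


def icv(data: bytes) -> bytes:
    """Stand-in integrity algorithm (HMAC-SHA256 truncated to 128 bits).
    A real SA would use e.g. AES-GMAC (RFC 4543); only coverage matters here."""
    return hmac.new(KEY, data, hashlib.sha256).digest()[:ICV_LEN]


def ipv4_header(src: bytes, dst: bytes, proto: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (checksum left zero for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, proto, 0, src, dst)


def esp_null_build(spi: int, seq: int, payload: bytes, next_hdr: int = 4) -> bytes:
    """ESP with NULL encryption: ICV covers ESP header, payload and trailer only."""
    body = struct.pack("!II", spi, seq) + payload + bytes([0, next_hdr])
    return body + icv(body)


def esp_null_verify(outer_ip: bytes, esp: bytes) -> bool:
    """outer_ip is accepted but never enters the ICV computation."""
    return hmac.compare_digest(icv(esp[:-ICV_LEN]), esp[-ICV_LEN:])


def _ah_zero_mutable(ip_hdr: bytes) -> bytes:
    """RFC 4302 ICV input: zero TOS, flags/fragment offset, TTL and checksum."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def ah_build(outer_ip: bytes, spi: int, seq: int, payload: bytes, next_hdr: int = 4) -> bytes:
    """AH: ICV covers immutable outer IP fields, the AH header (ICV zeroed) and payload."""
    hdr = struct.pack("!BBHII", next_hdr, (12 + ICV_LEN) // 4 - 2, 0, spi, seq)
    tag = icv(_ah_zero_mutable(outer_ip) + hdr + bytes(ICV_LEN) + payload)
    return hdr + tag + payload


def ah_verify(outer_ip: bytes, ah: bytes) -> bool:
    """Recompute the AH ICV over the (mutable-zeroed) outer header and the AH packet."""
    hdr, tag, payload = ah[:12], ah[12:12 + ICV_LEN], ah[12 + ICV_LEN:]
    expect = icv(_ah_zero_mutable(outer_ip) + hdr + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(expect, tag)
```

Changing the outer source address leaves the ESP-NULL ICV valid but fails AH verification, while changing the TTL (a mutable field) is accepted by both.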
