Re: [IPsec] Avoiding Authentication Header (AH)

[RJ Atkinson <rja.lists@gmail.com>]

On 04  Jan 2012, at 00:49 , Nico Williams wrote:
> Advising (and updating said advice as circumstances change)
> use-IPsec protocol designers as to when to use ESP and/or
> AH is something we should do.  

This has already been done.  More than once.
For a start, the latest IPsec RFCs contain advice.  
There are also other RFCs with such advice, 
including a relatively recent BCP on use of IPsec.  

There is no evidence of any recent change either 
to the operational circumstances or to the available 
alternatives.  So no update is appropriate at this time.

> Deprecating AH seems like a nice idea, but if there's good
> reasons to still use it, then maybe not.

There are deployments now and have been deployments 
all along -- and those deployments don't have any
alternatives to AH.

> In 2012 the use of manually keyed unicast SAs with
> group shared keys is not exactly impressive (because not scalable).  

Actually, that assumption is not valid.  There are 
multiple approaches to scalability available now.  

An obvious example is to use a KDC to distribute keys.  
Another example is to use existing provisioning systems 
to provision keys.  ISPs have a wide range of provisioning 
systems, often locally developed.  Enterprise users vary 
-- larger enterprises often have provisioning systems; 
smaller enterprise users less often (although their scale 
is also smaller).  Many enterprise equipment vendors 
offer centralised management platforms that include
provisioning capability, often multi-vendor provisioning
capability.  There is also a standards-based approach
to configuration/provisioning -- using NetConf.  There
are even approaches that use RADIUS to distribute wrapped
keys.  

Yours,

Ran