Re: Failure of AH (was: Manual PMTUD [was ...rfc2460bis-08])

Michael Richardson <> Mon, 20 March 2017 14:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 850BA1294B2 for <>; Mon, 20 Mar 2017 07:17:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id eXIi0TdkS2ts for <>; Mon, 20 Mar 2017 07:17:57 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9138B13149A for <>; Mon, 20 Mar 2017 07:17:57 -0700 (PDT)
Received: from ( [IPv6:2607:f0b0:f:2::247]) by (Postfix) with ESMTP id A7ED52009E; Mon, 20 Mar 2017 10:41:19 -0400 (EDT)
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 18446636BB; Mon, 20 Mar 2017 10:17:56 -0400 (EDT)
From: Michael Richardson <>
To: Christian Huitema <>
cc: Brian E Carpenter <>, 6man WG <>
Subject: Re: Failure of AH (was: Manual PMTUD [was ...rfc2460bis-08])
In-Reply-To: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
X-Mailer: MH-E 8.6; nmh 1.6+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Mon, 20 Mar 2017 10:17:56 -0400
Message-ID: <>
Archived-At: <>
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 20 Mar 2017 14:17:59 -0000

Christian Huitema <> wrote:
    > On 3/19/2017 11:39 AM, Michael Richardson wrote:
    >> The failure of AH across the Internet has nothing to do with the AH
    >> construct itself.  It has to do with the failure to establish any kind
    >> of useable Internet-wide trust infrastructure anchored in ownership of
    >> IP addresses.

    > It also has to do with the undesirability of using IP addresses as long
    > term identifiers. The concept of "trust infrastructure" implies some
    > degree of stability in the identifiers. This is exactly what you don't
    > want if you are concerned with privacy.

That's a good additional reason why we can't build long-term trust on IP
addresses.   Short-term trust (for durations of minutes to a few hours)
does not seem to be as big an issue.  Afterall, we do this all the time
with TCP SYN/ACK three way handshake.

And, notice that I didn't actually say that... I said "in ownership of IP
addresses"... I would prefer to be able to map IP address-->ASN, and
then see how that could map to an operator's public key.  And then
throw in v6PD and homenet users, and...

(hey, stop laughing! A crypto-geek can dream, can't he?)

The point is that AH for protection of headers is dead because we don't have
one of those.  And if you aren't protecting headers, then you can/should use
ESP. (or as people actually do: TLS)

So I'm just not worried about breaking AH.

Michael Richardson <>, Sandelman Software Works
 -= IPv6 IoT consulting =-