Why would anyone ever use AH? ESP does it plus more. In other words, why is AH specified? Also, has anyone ever deployed or used AH-only IPSEC?
asked May 25, 2015 at 3:05 Ronnie Smith Ronnie Smith 229 1 1 gold badge 3 3 silver badges 9 9 bronze badgesAuthentication with ESP is only guaranteed over each packet in Tunnel mode. Not transport. So it really depends on the use case which is appropriate.
Commented May 25, 2015 at 3:33That is wrong. ESP can (upon request/configuration) provide authentication and/or encryption in both Tunnel and Transport mode.
Commented Aug 29, 2019 at 15:37AH can be easily inspected by firewalls. ESP with NULL is similar but (AFAIK) the firewall doesn't know that it's the NULL cipher and has no easy way to tell after a connection has been established.
So if you want authentication only then that's a plus for AH.
answered May 25, 2015 at 7:56 StackzOfZtuff StackzOfZtuff 18.2k 1 1 gold badge 52 52 silver badges 86 86 bronze badgesI understand that AH is incompatible with NAT. Based on the feedback so far, it appears that nobody uses AH. Why would they when basic 56 bit DES on ESP probably runs just as easily.
Commented May 25, 2015 at 21:57In my experience, and in EXTREMELY rare cases, I have found a provider or some hop between endpoints that blocks ESP (IP protocol 50). A tunnel successfully establishes, but no traffic gets through. When I see this happen and rule out standard probable causes, I look to AH.
I've used AH to 'prove' that to providers to get them to at least check their end. If it cannot be corrected, it at least provides a transport mechanism in those rare cases where ESP hasn't worked.
answered Jan 27, 2016 at 18:48 31 1 1 bronze badgeOne more reason you might want to use AH and not ESP: Encryption is prohibited for your application.
For example, in Amateur Radio, data links over the licensed spectrum are explicitly prohibited from any encryption. We can use AH, though, as an anti-spoof or to do outright VPN tunneling without breaking the law.
Other countries may have similar issues, and sometimes companies' network policies will prohibit most people from encryption as that blocks their ability to inspect the data.
So in short, there do exists cases where encryption is not desirable or allowed, and AH exists to meet those cases.
answered Nov 15, 2016 at 3:30 Jim Kusznir Jim KusznirEncryption over the wire may not be a requirement or the hardware is incapable of encryption at high rate. On platforms without encryption offload, ESP might tax heavily on control plane.
answered Aug 20, 2017 at 22:44 sdaffa23fdsf sdaffa23fdsf 113 3 3 bronze badgesIPsec was designed in the time when Export Restrictions applied to cryptographic products were much stricter than now.
There was a requirement to ensure that there is no way to hack a deployed application, forcing it to encrypt traffic (within the standard). To satisfy this requirement, the design included:
ESP was designed to accommodate cases where encryption is not desirable. AH was for the cases where one had to guarantee that no matter what the end-user does, enabling/adding encryption to this product would not be possible (again, within the given standard, of course).