Tom, It seems NIST recommends ESP over AH.
You can look at the following 2 emails from Manav and Sriram on the IPsecME WG:

http://www.ietf.org/mail-archive/web/ipsec/current/msg07403.html
http://www.ietf.org/mail-archive/web/ipsec/current/msg07407.html

Jack

On Mon, Jan 2, 2012 at 5:57 AM, TR Shaw <ts...@oitc.com> wrote:
>
> On Jan 1, 2012, at 7:12 PM, John Smith wrote:
>
>> Hi,
>>
>> I am trying to see if there are people who use AH, especially since RFC 4301
>> has a MAY for AH and a MUST for ESP-NULL. While operators may not care about
>> a MAY or a MUST in an RFC, the IETF protocols and vendors do. So all
>> protocols that require IPsec for authentication implicitly have a MAY for AH
>> and a MUST for ESP-NULL.
>>
>> Given that there is hardly a difference between the two, I am trying to
>> understand the scenarios where people might want to use AH? Or is it that
>> people don't care and just use what their vendors provide them?
>>
>> Regards,
>> John
>
> AH provides for connectionless integrity and data origin authentication and
> provides protection against replay attacks. Many US Gov departments that
> have to follow NIST and do not understand what this means require it between
> internal point-to-point routers between one portion of their organization and
> another, adding more expense for no increase in operational security.
>
> If you are following NIST or DCID-63, this is required to meet certain
> integrity requirements.
>
> ESP provides confidentiality, data origin authentication, connectionless
> integrity, an anti-replay service, and limited traffic flow
> confidentiality. E.g. the AH portion provides for the integrity requirement and
> the ESP encryption provides for the confidentiality requirement of NIST.
>
> Think of AH as being like just signing a PGPMail, and ESP as signing and
> encrypting a PGPMail.
>
> There are reasons for both.
>
> Tom
>
>
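The one concrete difference between AH and ESP-NULL that the thread circles around is what the integrity check value (ICV) covers. Per RFC 4302, the AH ICV is computed over the IP header (with mutable fields such as TTL and the checksum zeroed), the AH header and the payload; per RFC 4303, the ESP ICV covers only the ESP header, payload and trailer, never the outer IP header. The following is an added example, not code from anyone in this thread, that builds transport-mode AH and ESP-NULL packets with HMAC-SHA1-96 (RFC 2404) and shows that rewriting the source address (what a NAT box does) breaks AH verification but leaves ESP-NULL verification untouched, while a TTL decrement breaks neither. The key, addresses, SPIs and payload are constructed for the demo; the helper names are mine.

```python
import hmac
import hashlib
import struct

# Constructed sample key for the demo (not from the thread).
KEY = bytes(range(20))          # 160-bit HMAC-SHA1 key
ICV_LEN = 12                    # HMAC-SHA1-96 (RFC 2404): 160-bit MAC truncated to 96 bits
IPPROTO_ESP, IPPROTO_AH, IPPROTO_UDP = 50, 51, 17


def ipv4_checksum(hdr: bytes) -> int:
    """One's-complement checksum over a 20-byte header whose checksum field is zero."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header, no options, DF set, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable_ipv4(hdr: bytes) -> bytes:
    """RFC 4302 3.3.3.1: TOS, flags, fragment offset, TTL and checksum are zeroed for the ICV."""
    h = bytearray(hdr)
    h[1] = 0                  # TOS / DSCP / ECN
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def hmac_sha1_96(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_transport_packet(key, src, dst, spi, seq, payload, next_header=IPPROTO_UDP):
    """Return (ip_header, ah_header). The ICV covers IP header (mutable fields zeroed) + AH + payload."""
    ah_len = 12 + ICV_LEN                 # fixed AH fields + ICV = 24 bytes
    payload_len_field = ah_len // 4 - 2   # RFC 4302: AH length in 32-bit words, minus 2
    ip_hdr = ipv4_header(src, dst, IPPROTO_AH, 20 + ah_len + len(payload))
    ah_fixed = struct.pack("!BBHII", next_header, payload_len_field, 0, spi, seq)
    icv = hmac_sha1_96(key, zero_mutable_ipv4(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return ip_hdr, ah_fixed + icv


def verify_ah(key, ip_hdr, ah_hdr, payload) -> bool:
    ah_fixed, icv = ah_hdr[:12], ah_hdr[12:]
    expected = hmac_sha1_96(key, zero_mutable_ipv4(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload)
    return hmac.compare_digest(icv, expected)


def esp_null_transport_packet(key, src, dst, spi, seq, payload, next_header=IPPROTO_UDP):
    """Return (ip_header, esp_packet) with NULL encryption. The ICV covers SPI..trailer only."""
    pad_len = (-(len(payload) + 2)) % 4   # trailer must end on a 4-byte boundary
    padding = bytes(range(1, pad_len + 1))  # RFC 4303 default padding 1, 2, 3, ...
    body = struct.pack("!II", spi, seq) + payload + padding + bytes([pad_len, next_header])
    ip_hdr = ipv4_header(src, dst, IPPROTO_ESP, 20 + len(body) + ICV_LEN)
    return ip_hdr, body + hmac_sha1_96(key, body)


def verify_esp_null(key, ip_hdr, esp_pkt) -> bool:
    """ip_hdr is accepted only to make the point: ESP's ICV never looks at it."""
    del ip_hdr
    body, icv = esp_pkt[:-ICV_LEN], esp_pkt[-ICV_LEN:]
    return hmac.compare_digest(icv, hmac_sha1_96(key, body))


def rewrite_ipv4(ip_hdr: bytes, src: str = None, ttl: int = None) -> bytes:
    """Simulate a middlebox changing the source address (NAT) and/or TTL (every router hop)."""
    h = bytearray(ip_hdr)
    if src is not None:
        h[12:16] = bytes(map(int, src.split(".")))
    if ttl is not None:
        h[8] = ttl
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)


def demo() -> dict:
    payload = b"\x04\xd2\x00\x35\x00\x10\x00\x00hello!!!"   # constructed 16-byte UDP-like payload
    ip_a, ah = ah_transport_packet(KEY, "10.0.0.1", "10.0.0.2", 0x100, 1, payload)
    ip_e, esp = esp_null_transport_packet(KEY, "10.0.0.1", "10.0.0.2", 0x200, 1, payload)
    return {
        "ah_ok": verify_ah(KEY, ip_a, ah, payload),
        "ah_after_ttl_hop": verify_ah(KEY, rewrite_ipv4(ip_a, ttl=63), ah, payload),   # TTL is mutable: still OK
        "ah_after_nat": verify_ah(KEY, rewrite_ipv4(ip_a, src="192.0.2.9"), ah, payload),   # source is covered: fails
        "esp_ok": verify_esp_null(KEY, ip_e, esp),
        "esp_after_nat": verify_esp_null(KEY, rewrite_ipv4(ip_e, src="192.0.2.9"), esp),  # header not covered: still OK
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'verifies' if ok else 'FAILS'}")
```

The "hardly a difference" view holds for the payload: both modes bind it to the SPI and sequence number with the same MAC, and both feed the sequence number into the same anti-replay window. What AH adds is binding of the immutable IP header fields, which is exactly why it does not survive NAT and why ESP-NULL is the MUST in RFC 4301.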