If you've ever tried learning about the IPsec protocol suite, you've probably come away thinking that it's great for tunneling, but it's also really, really complicated. There's a lot going on between the Encapsulating Security Payload (ESP) and Authentication Header (AH) protocols, as well as the tunnel and transport modes.
John Gilmore, one of the founders of the Electronic Frontier Foundation (EFF), described it best:
'The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically". That simplification never happened.'
Why Is The IPsec Standard So Complicated?
To truly understand, we have to travel back in time to the early 90s. Back then, you couldn't just pull your phone out of your pocket and quickly send encrypted messages through WhatsApp or Signal.
In the olden days there were strict export controls on cryptographic technology. It was regulated alongside munitions for the purpose of national security. This may seem strange until you consider just how vital secure communications are for winning wars.
IPsec was standardized in the early 1990s, at a time when it was legal to export cryptographic technology for authentication and integrity verification, but not for confidentiality.
This legal scenario left the IPsec team with a tough decision:
Should the protocol be exportable, so that everyone around the globe can protect the integrity and authenticity of their data? Or should the protocol offer encryption, so that those in the US can keep their data confidential?
Instead of choosing one or the other, they came up with a compromise that's surely frustrated everyone who's had to cram for a networking exam. They settled on two separate protocols within the IPsec protocol suite:
- Authentication Header (AH) — An exportable protocol that only offers integrity and authenticity protections.
- Encapsulating Security Payload (ESP) — A restricted protocol that offers the trifecta of confidentiality, integrity and authenticity.
The IPsec standard was finally published in 1995, but that was also the fateful year when Phil Zimmermann published the PGP source code as a book. This and other challenges during the crypto wars put the government in a tight spot, because books were protected by free speech laws. Eventually, the government dropped the case against Zimmermann, and by 2000 the export controls on encryption were eased.
So now it's far easier to export and use IPsec all over the world. Unfortunately for the AH protocol, this means that it's pretty useless these days. In most scenarios we want confidentiality alongside authenticity and integrity protections. Most implementations stick with ESP, and AH is the neglected stepchild that everyone kind of resents.
So that's the story of why IPsec sucks. But it works well, so we're stuck with it and all its complexities.