
ISO NLSP comments & suggestions




Folks,

  I've spent much of the last week really studying this specification.
It seems to badly suffer from ISO-ese in its documentation and also in
its design.

  For example, the way that many of the fields were designed makes
them extremely expensive to parse (variable length, variable presence,
etc.).  I understand that some of the fields will have to be variable
in order to support different algorithms.  However, it seems to me
that there ought to be a way to streamline some of the fields.

  I think we should have the design objective that (exclusive of the
performance cost of the security algorithm) the IPv4 Security Protocol
support very fast implementations.  I've got experimental ATM circuits
at OC-3C rates (155 Mbps) right now and NASA/DoE are reportedly going
to an ATM-based OC-3C backbone during 1993.  In 2-3 years these fast
circuits will be fairly common.  It is important that the IPSP itself
(as distinguished from whichever algorithm one uses) not be the
performance bottleneck.

  The DIS NLSP specification is much less readable and clear than the
SP3 specification was (probably due to ANSI/ISO rules).  A number of
the changes from SP3 are not obviously needed and could use some
public clarification in Ohio.  Ideally someone very familiar with both
could highlight the technical differences along with some high-level
clarification on why each change was made.

  Also, I think it would be very very helpful if someone could make a
first cut at adapting the mechanisms of NLSP into a more streamlined
format usable for IPv4 and put that out as a basis for discussion.  If
this happened before Ohio, I think that would also help focus the
discussions in Ohio.

Ran
atkinson@itd.nrl.navy.mil