[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Granularity of authentication in swIPe

To: perry@imsi.com
Subject: Re: Granularity of authentication in swIPe
From: Steve Kent <kent@BBN.COM>
Date: Fri, 17 Jun 94 15:26:27 -0400
Cc: ipsec@ans.net
In-Reply-To: Your message of Fri, 17 Jun 94 13:47:10 -0400. <9406171747.AA02569@snark.imsi.com>

Perry,

	It is true that using fine-grained SAIDs does reveal more
traffic analysis info.  However, different users of IPSP may have
different motivations for their use of SAIDs and traffic analysis may
be low on their list of concerns.  I certainly hope that the
algorithms we use are sufficiently good that the additional info
provided by fine-grained SAIDs would not be a concern.  So, while I
agree that one big, fat pipe between two sites has advantages from a
T/A perspective, it may have disadvantages from other perspectives.
If we want IPSP to be flexible in this regard, we have to provide for
a large SAID space.  If we narrow down how SAIDs will be used, and
restrict the use to flavors that will not generate a demand for large
numbers of SAIDs, then we can live with a smaller field.

Steve

References:

Re: Granularity of authentication in swIPe

From: "Perry E. Metzger" <perry@imsi.com>

Prev by Date: Re: Granularity of authentication in swIPe
Next by Date: Re: Granularity of authentication in swIPe
Prev by thread: Re: Granularity of authentication in swIPe
Next by thread: Re: Granularity of authentication in swIPe
Index(es):
- Main
- Thread