
Re: Granularity of authentication in swIPe



Perry,

	TCP/IP doesn't have the diversity of options envisioned for
IPSP.  You don't get to negotiate the TCP checksum or the sequence
number size for example.  We have a negotiation for encryption and
integrity algorithms, sequence numbers (and their size?), and all this
after we have performed an as-yet-unspecified key management protocol.
In comparison, TCP is pretty well fixed and thus subject to quite a
bit of optimization.  IP is more variable because of IP options, but
many implementations do an extremely poor job of dealing with IP
options, some to the point of crashing!  

Steve

