[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re[2]: Granularity of authentication in swIPe

To: karn@qualcomm.com
Subject: Re: Re[2]: Granularity of authentication in swIPe
From: Hilarie Orman <ho@cs.arizona.edu>
Date: Fri, 24 Jun 1994 20:14:53 -0700
Cc: ipsec@ans.net
In-Reply-To: Your message <199406250049.RAA26404@servo.qualcomm.com>

>>One can easily send 16K packets in about the same amount of time that
>>rekeying takes with Diffie-Hellman.  Is this a desirable balance?

> Uh, doesn't this kind of figure depend on the particular ratio of link
> speed to CPU speed?

Of course.  Scanning back through this discussion I see that Steve
Kent has already mentioned that the sequence number field should be
larger or the size negotiable.  Occam's protocols don't negotiate or
have options.  It would seem desirable to eliminate the the sequence
number or make it a fixed (large) size.  Anticipating the continued
increases in both network and processor speeds has to be part of the
process if it is to satisfy 95% of the needs by the time the standard
is finished.

References:

Re: Re[2]: Granularity of authentication in swIPe

From: Phil Karn <karn@qualcomm.com>

Prev by Date: Re: Re[2]: Granularity of authentication in swIPe
Next by Date: Re: Re[2]: Granularity of authentication in swIPe
Prev by thread: Re: Re[2]: Granularity of authentication in swIPe
Next by thread: Re: Re[2]: Granularity of authentication in swIPe
Index(es):
- Main
- Thread