[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IVs and IDENTs

To: atkinson@itd.nrl.navy.mil
Subject: Re: IVs and IDENTs
From: Phil Karn <karn@qualcomm.com>
Date: Mon, 29 Aug 1994 10:27:07 -0700
Cc: kasten@ftp.com, ipsec@ans.net
In-Reply-To: <9408291149.ZM7428@sundance.itd.nrl.navy.mil> (message from Ran Atkinson on Mon, 29 Aug 1994 11:49:23 -0500)

>  IMHO there is no need to use the IDENT field from IPv4.  The needed
>space, if any, can be part of the algorithm-dependent stuff just after
>the SAID.  This approach works for both IPv4 and IPv6.

Yes, but the whole point to this exercise was to see if we could keep
the overhead to a minimum.

I occasionally run an IPSEC prototype over my SLIP link. I can easily
tell when it is there by the decreased performance. There is no VJ
header compression and no V.42bis data compression. And the X server
makes things even worse by disabling the Nagle algorithm in TCP that
would otherwise work to limit header overhead with increasing load.

This is bad if we want to make this stuff universal. True, using the
IP ID field as an IV doesn't fix any of this other stuff, but at least
it keeps it from getting any worse.

Phil

Follow-Ups:

Re: IVs and IDENTs

From: "Perry E. Metzger" <perry@imsi.com>

References:

Re: IVs and IDENTs

From: Ran Atkinson <atkinson@sundance.itd.nrl.navy.mil>

Prev by Date: Re: OFB for IPSEC
Next by Date: Re: IVs and IDENTs
Prev by thread: Re: IVs and IDENTs
Next by thread: Re: IVs and IDENTs
Index(es):
- Main
- Thread