[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IVs, summary of discussion
Phil,
I agree that security is a matter of tradeoffs and, as you
point out, the debate topic here is what constitutes "good enough" for
most situations so as to make it the default operational mode for
IPSP. Nonetheless, since what we are debating involves hard to
quantify tradeoffs, it is reasonable for different folks to have
different views abotu what constitutes the right balance. Your
position is colored by a strong desire to reduce per-packet overhead
so that low speed links are minimally affected. Others emphasize
commonality of function between IPv4 and v6, protocol layering, or
functional modularity. We need a list of the tradeoffs so that we can
develop some concensus on relative importance, to guide these
deliberations.
Steve
P.S. The Internet did not, in the good ole' days, adopt the
philosophy you cited, and which seems to be cited fairly often these
days. TCP, for example, goes to great lengths to support simultaneous
opens by communicating peers, rather than adopting the X.25 approach
of simultaneous calls setups failing. In practice, I suspect very,
very few such opens every occur, especially because of the widespread
use of well known ports and a client-server approach to application
design. TCP also works hard to manage the sequence number space to
reject duplicate packets in the face of late arrivals (though not
malicious replays) and half-open connection attempts, another
robustness feature that might not be needed to meet the 90% success
criteria you and others cite. I think we should avoid the trap of
possibily being "lazy" in addressing problems under the ruberic of
"good enough for the Internet."
References: