
Re: (IPng) Re: Proposed message on perfect forward security

> >I do not think TCP vs TP[0-4] is a fair analysis to in-band vs
> >out-band.  TCP and TPxxx are two different protocol suites, two
> >different AFs to a socket, and I believe two different philosophies
> >towards the functions of a transport layer protocol.  In-band is an
> >option customers may want to use who do not need perfect forwarding
> >security.  Everything else about the ip6_input layer is the same, all
> 
> Ah, but I think TP[0-4] *is* an excellent analogy. The reason given
> for having 5 different transport protocols, all of which provided the
> same interface to the user, was that the "heavier" protocol (TP4) was
> not needed when the underlying network claimed to provide reliability.
> As we saw, however, the benefits of having a single, universal transport
> protocol providing a virtual byte stream service outweighed any
> concerns about performance -- many of which became moot when clever
> tricks like VJ header compression came along.

I also agree that this is at least a partly reasonable analogy.
Some of us who were working on CLNP/TP4 etc. at the time figured
that TP4 was obviously necessary (for the same reasons as TCP
over IP), and that the market would figure this out. What
happened instead was that having five transport layer standards
and at least two network layer standards helped to confuse
potential users, which added still more delay and confusion to
potential use of OSI.

Now, the analogy probably partly fails in that network and
transport layer problems were NOT what stopped OSI (at least
in my opinion). I think that OSI suffered more from application
complexity, particularly complexity as seen by the user (e.g., ugly
Email names), and other problems independent of the network and
transport layers. However, if OSI had said "TP4 and CLNP are our
transport and network layer standards" then this would have made
it simpler for folks who thought that they needed to deploy OSI
to actually start doing so.

> And so I believe it will be with IP security. Once it becomes popular,
> people will find clever coding tricks and CPUs will get faster. But it
> won't become popular if there are a half dozen non-interoperable
> standards competing with each other. That says we should try to make
> the most general purpose protocol we can.
> 
> Phil

Also, if encryption is really *necessary* for security in the
Internet to work, and if simultaneous security and performance
in the Internet is necessary for the global information
superhighway to have a several orders of magnitude increase in its
commercial value, then encryption may need to be in hardware.
Clearly hardware can be cheaper if there are fewer standards
to implement (although patents and laws may also throw a monkey
wrench in the works).

Ross