
SKIP wastes bandwidth



Because you seem incapable of addition, here is a little more clear and
direct comparison:

> From: ashar@osmosys.incog.com (Ashar Aziz)
> > SKIP headers range from 28 to 60 bytes, not including the IP Security
> > headers (only 4 to 8 bytes).
>
> You are comparing apples and oranges.
>
> For SKIP, you are counting algorithm specific information (the encrypted
> key is algorithm specific) but for ESP/AH you are only counting algorithm
> independent information. If you count algorithm specific information, the
> overheads are quite comparable. For example, for AH with keyed MD5,
> the per packet overhead due to AH is 24 bytes.
>
Last I noticed, SKIP included AH headers!

I was overly generous, and only calculated with SKIP plus ESP headers!


> The SKIP header can be as small as 20-28 bytes, (which BTW is probably
> going to be the common case in initial SKIP deployment).

Your SKIP header diagrams indicate a minimum 28 bytes.  I clearly stated
a _range_ of SKIP headers, as presented in your proposal!

Reading carefully, the short 20 byte variant is only possible if IP
addresses are used instead of master IDs.

But on the other hand, more than 8 byte keys are necessary when using AH
instead of ESP.  Full size SKIP with 16 byte keys is 68 bytes!

OK, let's look at the "true" range of 20 to 68 bytes....


> This is either
> slightly *less* or slightly more header overhead as compared to AH with
> Keyed MD5 (24 bytes).
>
SKIP includes AH headers, so that overhead is in addition to AH, not in
comparison to AH!

That makes the SKIP plus AH headers 56 to 92 bytes!


> > The Internet Protocol Security Working Group spent considerable time in
> > designing the ESP and AH headers to be as small as possible.
> >
> > Considering that the average TCP payload is 13 bytes, and the average IP
> > datagram is 124 or so bytes, bloating every datagram by an extra 50% to
> > 200% is unacceptable
>
> First of all, if you assume avg SKIP header as 20-30 bytes,
> this comes to 16-24% of a 124 byte packet (and not 50-200%).
>
SKIP (128-bit key) plus AH (MD5) is at least 92 bytes.  A TCP/IP Ack is
exactly 40 bytes.  This is almost 250% overhead.  Worse than 200%.

SKIP (64-bit key) plus ESP (DES) is at least 36 bytes.  A TCP/IP with an
average payload of 13 bytes is 53 bytes.  This is 68% of the deliverable
datagram.  Again, I was being generous estimating only 50%.


> Assuming worst case SKIP header overheads with small sized
> IP packets is quite misleading.
>
I didn't.  I was fair.  I gave a range.  I was generous.

And don't give me crap about using an average.  It does not matter that
some packets can be bigger.  Half will be smaller, and the bloated SKIP
header has a _WORSE_ impact on smaller packets!

The real impact will likely be dominated by the worst case estimate!
Particularly as encryption makes VJ header compression impossible!

Bill.Simpson@um.cc.umich.edu
          Key fingerprint =  2E 07 23 03 C5 62 70 D3  59 B1 4F 5E 1D C2 C1 A2