Re: I-D ACTION:draft-thayer-seccomp-00.txt
On Thu, 08 Aug 1996, Naganand Doraswamy <naganand@ftp.com> wrote:
> Instead of adding a new header for compression, does it make sense to say
> that we negotiate compression as a part of transform? For example, can we
> negotiate a transform for ESP which says DES-CBC 64 bit IV with compression
> enabled so that we compress the data before encrypting. We will avoid the
> extra overhead of another header this way.
I think it's much better to have separate AH, ESP and COMP headers.
I don't like the approach of creating combined AH-ESP transforms.
Especially now, with the upcoming compression algorithms (which I'm very
much in favor of), this would result in a massive explosion of the number of
combined AH-COMP-ESP-transforms. Just having 2 of each of the transforms
plus the possibility to drop any of them already gives us (2+1)^3=27
combinations, which already will make creating/maintaining any IPSEC
implementation into a nightmare.
Therefore I very much like the orthogonality approach originally intended,
so that you can choose every combination of AH, COMP, and ESP you think fits
your needs best. This approach also improves modularity and flexibility in
the implementation.
-Marcel
---
Marcel Waldvogel Swiss Federal Institute of Technology (ETH)
Phone/Fax +41-1-632 70 62/10 35 Computer Engineering and Networks Laboratory
http://www.tik.ee.ethz.ch/~mwa ETH Zentrum, ETZ G63; CH-8092 Zürich
PGP public key fingerprint = 5D D0 A1 6D F2 BC 60 69 46 49 2C 6D F8 EE 9E BF