
Re: proposed IPSEC changes/extensions



> Even if compression and replay prevention both require state, their state
> is separate from each other's state. Compression does not need to know
> anything about replay prevention's state to work. Why should they be
> defined in the protocol to be contained both in a single
> transformation? 

Both replay prevention and stateful compression require sequence
numbering of some sort.  Putting two sequence numbers which are
stepped identically in a packet is wasteful; it also *potentially*
increases the amount of predictable plaintext in a message (a concern
which Steve Bellovin has raised on at least one occasion).

					- Bill

Date: Fri, 1 Nov 1996 16:02:53 -0500
From: Hilarie Orman <ho@earth.hpc.org>
Message-Id: <199611012102.QAA26649@earth.hpc.org>
To: kent@bbn.com
Cc: ipsec@TIS.COM
In-reply-to: Yourmessage <v02130502ae9ff67db166@[128.89.0.110]>
Subject: Re: proposed IPSEC changes/extensions
Sender: ipsec-approval@neptune.tis.com
Precedence: bulk

It's not good to see the design process driven by the perceived difficulty
of modifying an old base and the perceived difficulty of getting through
standards process.

Hilarie



