[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: proposed IPSEC changes/extensions
Steven Bellovin writes:
> Yes, there's a requirement for a resync bit -- but does that imply
> a need for compression-level NAK packets, to say that something was
> dropped, and that we need to resync?
Feedback in compression isn't always necessary. There's always the
`reset-every-n-packets' method.
> My estimate is that it will take about a year before we have a clean
> spec for compression, independent of the standards process. I don't
> want to wait until then to start deploying IPSEC.
I agree completely.
> Nor am I convinced that we know what fields to add now to the ESP
> header, to leave room for compression.
I disagree--I don't think any compression fields belong in the ESP
header. As I've said before (with no comment from others), I think
all compression header fields should be encrypted, and should be as
small as possible to reduce the amount of guessable plaintext.
--
Karl Fox, servant of God, employee of Ascend Communications
3518 Riverside Drive, Suite 101, Columbus, Ohio 43221 +1 614 326 6841