Re: proposed IPSEC changes/extensions



Steven Bellovin writes:
> Yes, there's a requirement for a resync bit -- but does that imply
> a need for compression-level NAK packets, to say that something was
> dropped, and that we need to resync?

Feedback in compression isn't always necessary.  There's always the
`reset-every-n-packets' method.

> My estimate is that it will take about a year before we have a clean
> spec for compression, independent of the standards process.  I don't
> want to wait until then to start deploying IPSEC.

I agree completely.

> Nor am I convinced that we know what fields to add now to the ESP
> header, to leave room for compression.

I disagree--I don't think any compression fields belong in the ESP
header.  As I've said before (with no comment from others), I think
all compression header fields should be encrypted, and should be as
small as possible to reduce the amount of guessable plaintext.
-- 
Karl Fox, servant of God, employee of Ascend Communications
3518 Riverside Drive, Suite 101, Columbus, Ohio 43221   +1 614 326 6841
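
The reset-every-n-packets method mentioned in the reply, sketched as an added example that is not part of the original message or of any IPSEC specification: the sender restarts its compression history every n packets, so a receiver that misses a packet recovers at the next reset without sending a NAK. The (seq, reset, body) packet layout, n = 4, the use of zlib and the sample payloads are assumptions made for illustration.

```python
import zlib

RESET_EVERY = 4  # assumed n; the message does not give a value

class Sender:
    def __init__(self, n=RESET_EVERY):
        self.n, self.seq, self.comp = n, 0, None

    def send(self, payload):
        reset = self.seq % self.n == 0
        if reset:
            # Fresh history: this packet decompresses with no prior state.
            self.comp = zlib.compressobj(6, zlib.DEFLATED, -15)
        body = self.comp.compress(payload) + self.comp.flush(zlib.Z_SYNC_FLUSH)
        # Hypothetical layout. Under the position taken in the reply, the
        # reset flag would travel inside the encrypted payload.
        pkt = (self.seq, reset, body)
        self.seq += 1
        return pkt

class Receiver:
    def __init__(self):
        self.expected, self.decomp = 0, None

    def receive(self, pkt):
        seq, reset, body = pkt
        if reset:
            self.decomp = zlib.decompressobj(-15)
        elif self.decomp is None or seq != self.expected:
            # History is out of step with the sender: discard silently
            # and wait for the next reset instead of sending feedback.
            self.decomp = None
            return None
        self.expected = seq + 1
        return self.decomp.decompress(body)

def simulate(payloads, lost, n=RESET_EVERY):
    """Send payloads over a link that drops the sequence numbers in `lost`."""
    tx, rx = Sender(n), Receiver()
    out = []
    for p in payloads:
        pkt = tx.send(p)
        out.append(None if pkt[0] in lost else rx.receive(pkt))
    return out

# Constructed sample traffic, not taken from the thread.
SAMPLE = [b"GET /page%d HTTP/1.0\r\nHost: example.test\r\n\r\n" % i for i in range(10)]

if __name__ == "__main__":
    for i, got in enumerate(simulate(SAMPLE, lost={1})):
        print(i, "delivered" if got is not None else "lost or discarded")
```

With n = 4, losing packet 1 also costs packets 2 and 3, and delivery resumes at packet 4. A smaller n bounds the loss more tightly but gives up more compression history.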