
Decoupling compression and security



Some recent IPSEC implementation experiences and the current discussion
has caused me to consider the virtues of coupling compression
transforms with security.  No doubt use of compression has
benefits, even if only applied to a single packet.

I see no problem with having compression be part of an SA.
But I think it lacks some generality.  The output of a compression
algorithm can be larger than the input; the sender will no
doubt like to selectively compress.  This means the receiver
must be able to receive compressed and uncompressed data.
This seems independent from the SA.  However, the SA setup
can be used to select the compression algorithm.

Generic (probably PPP like) compression transforms which stand
on their own (apart from IPSEC) seem like a more general solution.
However, IPSEC is the only group who can justify using compression
on a per packet basis.  Would a set of IP-COMP transforms (vs IPSEC)
be more appropriate?

Derek
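
The following is an added example, not part of the original message: a sketch of the per-packet selective compression the message describes, where the sender falls back to the uncompressed payload whenever deflate does not shrink it and the receiver accepts both forms. The one-byte tags, the `MAX_PAYLOAD` cap and the sample payloads are assumptions constructed for illustration, not an IPSEC or PPP wire format.

```python
import hashlib
import zlib

# Hypothetical one-byte tags for this sketch; not a real wire format.
RAW, DEFLATE = 0x00, 0x01
MAX_PAYLOAD = 65535  # assumed receiver-side cap on inflated size

# Constructed sample payloads: repetitive text, and hash output standing in
# for already-encrypted (incompressible) data.
TEXT = b"GET /index.html HTTP/1.0\r\n" * 20
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))


def send(payload: bytes) -> bytes:
    """Compress one packet with no shared history; send raw if it did not shrink."""
    c = zlib.compressobj(level=6, wbits=-15)  # raw deflate, fresh state per packet
    packed = c.compress(payload) + c.flush()
    if len(packed) < len(payload):
        return bytes([DEFLATE]) + packed
    return bytes([RAW]) + payload


def receive(packet: bytes) -> bytes:
    """Accept either form; the per-packet tag says which one arrived."""
    if not packet:
        raise ValueError("empty packet")
    tag, body = packet[0], packet[1:]
    if tag == RAW:
        return body
    if tag != DEFLATE:
        raise ValueError(f"unknown tag {tag:#x}")
    d = zlib.decompressobj(wbits=-15)
    # Bound the output so a small packet cannot inflate without limit.
    out = d.decompress(body, MAX_PAYLOAD + 1)
    if len(out) > MAX_PAYLOAD or d.unconsumed_tail:
        raise ValueError("inflated payload exceeds limit")
    if not d.eof:
        raise ValueError("truncated deflate stream")
    return out


if __name__ == "__main__":
    for name, data in (("text", TEXT), ("noise", NOISE), ("tiny", b"hi")):
        pkt = send(data)
        kind = "deflate" if pkt[0] == DEFLATE else "raw"
        print(f"{name}: {len(data)} -> {len(pkt)} bytes ({kind})")
```

The worst-case cost of the fallback is the single tag byte, and the choice is made per packet without consulting any negotiated state beyond the algorithm itself.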