Re: TO COMPRESS OR NOT TO CMPRS (please reply)



Bob,

>1. What is the status of adding compression to ESP?
>
>   I know that there are some wg members who support the use of compression, 
>   some who don't and some who haven't expressed an interest either way. Well,
>   the time has come to decide. PLEASE RESPOND BY INDICATING YOUR POSITION.
>   Be sure to copy the wg list in your reply. 
>
I am open to optional compression support being added to IPsec.

>2. Placement of the "packet compressed/not-compressed" byte/bit
>
>   Several people have suggested that rather than using a whole byte for this
>   purpose, simply "steal" the uppermost bit of the pad length field. This is
>   a simple solution. It was suggested to me that a maximum of 128 bytes of 
>   padding is sufficient. Note that the preferred ESP transform for the IPSEC
>   DOI (draft-ietf-ipsec-esp-des-md5-03.txt) provides for up to 255 bytes of
>   padding. There are two ways to approach this issue:
>
>    (a) alter the transform draft to specify a max of 128 bytes of padding, or
>
>    (b) for implementations which do not negotiate the use of compression (for
>        a particular SA, or never), they can continue to use up to 255 bytes
>        of padding; for those that *do* support compression, the maximum
>        padding would be 128 bytes.
>
I DON'T like option b. We already have too many options and I feel this will
complicate it even more! From a security point of view, is there any need to
pad more than 127 bytes? If the answer is no from cryptographers, we should
use the MSB of the pad. If the answer is yes, we should think of a better
solution.

--Naganand
----------------------------------------------------------------
naganand@ftp.com
Tel #: (508)684-6743 (O)