
Re: TO COMPRESS OR NOT TO CMPRS (please reply)





>1. What is the status of adding compression to ESP? 

I'm against adding compression to a particular transform. Someone
mentioned having compression as an attribute to a SAID as a whole; if
we want compression (and i'm not sure it'll buy us much), i think
that's how it should be done. It should certainly be optional.

I should add that i'm against compression at the network layer; i feel
it should be moved higher up.

>2. Placement of the "packet compressed/not-compressed" byte/bit

No need for this if we do (1). Otherwise, i'd rather see a different
ESP transform (and don't tell me we're wasting bytes; if compression
gains us about the same number of bytes as the extra ESP header or
less, then clearly we shouldn't even be considering it as an option).


However, just what is the model in mind ? I doubt firewalls need to
perform compression; most companies have decent speed links to the
Internet, so compression there wouldn't buy much.

A couple more points:
a) i think the only place compression would buy anything, especially
   as networks become faster, is the "last mile" (as Steve Bellovin
   said); the 28.8 (or so) PPP link. Now, PPP already has compression
   for that link (or so i remember). Additionally, forcing compression
   in an ESP transform will make the two endpoints also perform encryption;
   i don't know about you, but i feel that there's higher chance of
   my data being snooped as they travel over the Internet than on the phone
   line from my place to the ISP.

b) assuming the end user does use encryption all the way to the server
   somewhere on the net; forcing the server to do compression is "bad
   manners" IMO, since the server has probably more need of the CPU
   cycles than the (few ?) bytes compression will save from the
   link. Establishing yet another SAID with the PPP remote endpoint 
   to do additional compression just at the final step falls under 
   (a), unless compression is a separate ESP transform (but again, 
   doesn't PPP already do compression ?).
-Angelos