
Re: TO COMPRESS OR NOT TO CMPRS (please reply)



At 08:33 PM 2/18/97 +0000, Angelos D. Keromytis wrote:
>>1. What is the status of adding compression to ESP? 
>
>I'm against adding compression to a particular transform. Someone
>mentioned having compression as an attribute to a SAID as a whole; if
>we want compression (and i'm not sure it'll buy us much), i think
>that's how it should be done. It should certainly be optional.

Compression is something that should be included in the proposal and
would be "independent" of any underlying transform.

>>2. Placement of the "packet compressed/not-compressed" byte/bit
>
>No need for this if we do (1). Otherwise, i'd rather see a different
>ESP transform (and don't tell me we're wasting bytes; if compression
>gains us about the same number of bytes as the extra ESP header or
>less, then clearly we shouldn't even be considering it as an option).

If you are compressing on the fly, sometimes the compression will
actually generate more data; in this case you want a flag to show
that, even though compression is enabled, it was not used on this packet.

>However, just what is the model in mind ? I doubt firewalls need to
>perform compression; most companies have decent speed links to the
>Internet, so compression there wouldn't buy much.
>
>A couple more points:
>a) i think the only place compression would buy anything, especially
>   as networks become faster, is the "last mile" (as Steve Bellovin
>   said); the 28.8 (or so) PPP link. Now, PPP already has compression
>   for that link (or so i remember). Additionally, forcing compression
>   in an ESP transform will make the two endpoints also perform encryption;
>   i don't know about you, but i feel that there's higher chance of
>   my data being snooped as they travel over the Internet than on the phone
>   line from my place to the ISP.

If you are using encryption, the encrypted data is going to be incompressible,
so PPP-level compression is not going to be useful.

>b) assuming the end user does use encryption all the way to the server
>   somewhere on the net; forcing the server to do compression is "bad
>   manners" IMO, since the server has probably more need of the CPU
>   cycles than the (few ?) bytes compression will give save from the
>   link. Establishing yet another SAID with the PPP remote endpoint 
>   to do additional compression just at the final step falls under 
>   (a), unless compression is a separate ESP transform (but again, 
>   doesn't PPP already do compression ?).

Buy lots of Alphas as your servers. :-)
-- 
Matt Thomas                      Internet:   matt@lkg.dec.com
UNIX Networking                  WWW URL:    http://ftp.digital.com/%7Ethomas/
Digital Equipment Corporation    Disclaimer: This message reflects my own
Littleton, MA                                warped views, etc.
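
The two technical points in the reply above (a per-packet "not compressed" flag, and ciphertext being incompressible at the link layer), as an added Python example that is not part of the original message or of any IPsec specification. The one-byte flag layout, its placement inside the encrypted body, the toy SHA-256 keystream standing in for the ESP cipher, and zlib standing in for both compressors are assumptions made for illustration.

```python
import hashlib
import zlib

FLAG_RAW, FLAG_DEFLATE = 0, 1  # hypothetical one-byte per-packet flag values

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter-mode stream cipher, a stand-in for the ESP transform."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    """Compress, fall back to the raw payload if deflate expands it, then encrypt."""
    packed = zlib.compress(payload, 9)
    if len(packed) < len(payload):
        body = bytes([FLAG_DEFLATE]) + packed
    else:
        body = bytes([FLAG_RAW]) + payload
    return keystream_xor(key, nonce, body)

def unseal(key: bytes, nonce: bytes, packet: bytes) -> bytes:
    """Decrypt, then use the flag to decide whether to inflate."""
    body = keystream_xor(key, nonce, packet)
    flag, data = body[0], body[1:]
    if flag == FLAG_DEFLATE:
        return zlib.decompress(data)
    if flag == FLAG_RAW:
        return data
    raise ValueError("unknown compression flag")

def link_compressed_size(packet: bytes) -> int:
    """Size after a link-layer compressor (zlib here) sees the ciphertext."""
    return len(zlib.compress(packet, 9))

# Constructed sample inputs: repetitive text, and pseudo-random bytes that
# model data which is already compressed or encrypted.
KEY = b"constructed-demo-key"
TEXT = b"GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n" * 20
NOISE = keystream_xor(b"noise-seed", b"n0", bytes(1024))

if __name__ == "__main__":
    for name, nonce, payload in (("text", b"p1", TEXT), ("noise", b"p2", NOISE)):
        pkt = seal(KEY, nonce, payload)
        assert unseal(KEY, nonce, pkt) == payload
        print(name, len(payload), "->", len(pkt), "bytes sealed;",
              link_compressed_size(pkt), "after link-layer compression")
```
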