
Re: ESP revisions straw poll



In message <v0300780caf9ff3d229e4@[128.89.30.23]>, Stephen Kent writes:
>	As I mentioned in my message, the most obvious appropriate use of
>ESP w/o encryption is in tunnel mode, where authentication of the outer IP
>addresses does not appear to be critical.  This is a common scenario for
>VPNs, and might be used in conjunction with a transport mode encrypted ESP,
>in nested fashion, e.g., to provide security to a server or desktop behind
>the firewall.

I still believe AH is what they should do.

>	As for the performance concern, we disagree.  We are implementing
>ESP without encryption, in tunnel mode, for inter-router authentication and
>our analysis suggested that this was preferable to AH in tunnel mode.
>While I agree with Pau's observation that the greatest gain in a software
>implementation is to be had in better hash algorithm implementations, there
>is still the issue of the additional hit due to header copying.  Also, I
>have been approached by some folks who are looking to implement ESP in
>hardware (e.g., outboard of a supercomputer).  The selective authentication
>characteristics of AH make that hard, while the ESP pure encapsulation
>design is amenable to efficient DMA processing.

I didn't notice any significant differences in performance in any of
the pure-software implementations I've been involved in. Following the
rule of "optimizing the common case", I'd still optimize the hash
function first. Also, I think the cost of header copying is probably
overestimated; if one keeps enough space in the beginning of the
buffer/mbuf/skbuf/whatever, it is possible to do all the copying in
the processor cache (L1). This is really minimal overhead. This also
solves the hardware hashing problem (and for large packets, copying
the header won't matter if you also have to copy the whole packet in a
contiguous memory block, as opposed to it being in an mbuf chain or
what have you).

I'm not saying you don't have some arguments in favour of
encryptionless ESP. However:
a) the implementors at Memphis decided against it
b) I've seen no one speak publicly for it on the list except you
c) I've talked to two people off the list who are for it, and one
   changed his mind
d) it's about time we stop arguing

So, I'll insist on no encryptionless ESP.
Regards,
-Angelos
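An added example, not from this thread or from either author, illustrating the "selective authentication" point Kent raises above: AH covers the outer IP header and so must zero each mutable IPv4 field before hashing, while encryptionless ESP authenticates one contiguous span and never touches the outer header. The key, addresses and packet contents are constructed, and HMAC-MD5-96 is assumed as the authenticator.

```python
import hmac
import hashlib
import struct

KEY = b"constructed-demo-key"          # constructed sample key, not from the thread

def icv(data):
    # HMAC-MD5 truncated to 96 bits, as the HMAC-MD5-96 IPsec transform does
    return hmac.new(KEY, data, hashlib.md5).digest()[:12]

def ipv4_header(ttl, checksum, total_len, src, dst):
    # Minimal 20-byte outer IPv4 header; protocol 51 = AH, src/dst are 4-byte strings
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0,
                       ttl, 51, checksum, src, dst)

def ah_icv(ip_hdr, spi, seq, payload):
    # AH covers the outer header, so every mutable field must be zeroed first:
    # TOS (byte 1), flags/fragment offset (6-7), TTL (8), checksum (10-11).
    masked = bytearray(ip_hdr)
    masked[1] = 0
    masked[6:8] = b"\x00\x00"
    masked[8] = 0
    masked[10:12] = b"\x00\x00"
    # AH header: next header 4 (IP-in-IP), payload len 4 (24-byte AH), reserved,
    # SPI, sequence number, then the 12-byte ICV field itself zeroed for hashing
    ah = struct.pack("!BBHII", 4, 4, 0, spi, seq) + b"\x00" * 12
    return icv(bytes(masked) + ah + payload)

def esp_icv(spi, seq, payload):
    # ESP with NULL encryption authenticates one contiguous span: ESP header,
    # encapsulated packet and trailer. The outer IP header is not covered at all.
    pad_len = (-(len(payload) + 2)) % 4
    trailer = bytes(range(1, pad_len + 1)) + bytes([pad_len, 4])
    return icv(struct.pack("!II", spi, seq) + payload + trailer)

def demo():
    # Constructed inner packet; hdr_b is hdr_a after one router hop
    # (TTL decremented, checksum recomputed), hdr_c has a changed destination.
    inner = b"constructed inner IP packet"
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    hdr_a = ipv4_header(64, 0xABCD, 44 + len(inner), src, dst)
    hdr_b = ipv4_header(63, 0x1111, 44 + len(inner), src, dst)
    hdr_c = ipv4_header(64, 0xABCD, 44 + len(inner), src, bytes([10, 0, 0, 3]))
    hop_survives = ah_icv(hdr_a, 0x100, 1, inner) == ah_icv(hdr_b, 0x100, 1, inner)
    addr_detected = ah_icv(hdr_a, 0x100, 1, inner) != ah_icv(hdr_c, 0x100, 1, inner)
    return hop_survives, addr_detected

if __name__ == "__main__":
    print(demo())  # (True, True)
```

The AH path needs per-field knowledge of the header layout before it can hash anything, which is the hardware objection; the ESP path hashes bytes exactly as they sit in the buffer.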

