
Compression, encryption and authentication at a Security Gateway




The hunch/findings that folk seem to have when running IPPCP is that the
performance is poor and if IPPCP is done in series with encryption,
compression is probably not worth bothering with (I'm assuming that you
would be using IPPCP because you wanted to use IPSEC encryption).

Host hosts have IPSEC/IPPCP, there is the option that Security Gateways
won't need to do encryption either, for example, a remote worker who
tunnels to a Security Gateway for authentication and then encrypts to a
mail server with transport mode:

[IP2][AH][IP1][ESP][upper][pad/np][icv]

The Security Gateway does packet-level authentication and the target
node (say, a mail server) does the decode.
I see that the [IP1] header is no longer confidential, but the
alternative is to have the SG re-encrypt the entire packet.

What I'm coming to is that Security Gateways are likely to want to be
VERY sharp at doing per-packet authentication.

(hiding under table time)
Steve.


Stephen Waters
DEVON, UK

National: 01548 551012 / 550474
International: 44 1548 551012 / 550474
Stephen.Waters@Digital.com 
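
The following is an added example, not part of the original post: a sketch of the gateway-side check for the [IP2][AH][IP1][ESP] layout described above, where the Security Gateway verifies the AH ICV and forwards [IP1][ESP] without decrypting it. The HMAC-SHA-256-128 transform, the key, SPIs, addresses and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

AH, ESP, IPIP = 51, 50, 4      # IP protocol numbers
ICV_LEN = 16                   # assumed transform: HMAC-SHA-256 truncated to 128 bits
AH_LEN = 12 + ICV_LEN          # fixed AH fields + ICV
# Constructed addresses (documentation ranges): remote worker, gateway, mail server
CLIENT, GATEWAY, MAIL = b"\xc0\x00\x02\x0a", b"\xc6\x33\x64\x01", b"\xcb\x00\x71\x19"

def ipv4(proto, src, dst, payload_len, ttl=64):
    """20-byte IPv4 header, no options; checksum left zero for brevity."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0, src, dst)

def icv(key, outer, ah, rest):
    """ICV over [IP2] with mutable fields zeroed, AH with a zero ICV, then [IP1][ESP]..."""
    o = bytearray(outer)
    o[1] = 0                   # TOS
    o[6:8] = b"\0\0"           # flags / fragment offset
    o[8] = 0                   # TTL
    o[10:12] = b"\0\0"         # header checksum
    data = bytes(o) + ah[:12] + bytes(ICV_LEN) + rest
    return hmac.new(key, data, hashlib.sha256).digest()[:ICV_LEN]

def client_build(key, spi, seq, inner):
    """Remote worker: wrap the already ESP-protected [IP1] packet in [IP2][AH]."""
    ah = struct.pack("!BBHII", IPIP, AH_LEN // 4 - 2, 0, spi, seq) + bytes(ICV_LEN)
    outer = ipv4(AH, CLIENT, GATEWAY, AH_LEN + len(inner))
    return outer + ah[:12] + icv(key, outer, ah, inner) + inner

def gateway_process(key, spi, pkt):
    """Security Gateway: authenticate, strip [IP2][AH], forward [IP1][ESP] undecrypted."""
    if len(pkt) < 20 + AH_LEN or pkt[0] != 0x45 or pkt[9] != AH:
        return None
    outer, ah, rest = pkt[:20], pkt[20:20 + AH_LEN], pkt[20 + AH_LEN:]
    next_hdr, _plen, _rsv, got_spi, _seq = struct.unpack("!BBHII", ah[:12])
    if next_hdr != IPIP or got_spi != spi:
        return None
    if not hmac.compare_digest(ah[12:], icv(key, outer, ah, rest)):
        return None            # constant-time compare; drop on mismatch
    return rest                # anti-replay window on _seq is omitted in this sketch

# Constructed sample: to the gateway, ESP is an opaque blob (SPI, sequence, ciphertext).
KEY = b"k" * 32
ESP_BLOB = struct.pack("!II", 0x2001, 1) + bytes(range(40))
INNER = ipv4(ESP, CLIENT, MAIL, len(ESP_BLOB)) + ESP_BLOB
PACKET = client_build(KEY, 0x1001, 1, INNER)
```

The gateway's per-packet cost here is one HMAC over the whole packet; the cleartext [IP1] header is covered by that ICV, so it is readable in transit but cannot be altered without the check failing.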


