[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSec for IP Telephony

>>>>> "Costantini," == Costantini, Frank <" <Frank.Costantini@ccmail.l-3com.com>> writes:

 Costantini,> Is the intent of the IPSEC community that secure IP
 Costantini,> Telephony applications utilize 3DES in CBC mode for
 Costantini,> encryption?  Considering the extreme sensitivity that IP
 Costantini,> Telephony has for latency, CBC mode is not a good choice
 Costantini,> for a cryptographic mode for that application.  Has a
 Costantini,> stream-cipher mode of operation for delay-sensitive
 Costantini,> IPSEC applications been defined somewhere?
I don't understand the point.  Encrypting a packet will add some
latency, but I don't see any reason to prefer a stream cypher over a
block cypher when doing packet oriented processing.  Sure, 3DES may be 
slow in some implementations, but that's an implementation matter, not 
a fundamental property.

If you were transmitting byte stream data, things might (or might not) 
be different, but we're talking IP packets...

We've been doing some latency measurements and the numbers come out
well below what would be an issue for VoIP (or for that matter, way
below the wire delay for T1 never mind slower stuff).