
RE: Q: Why IPSEC to be used only in CBC mode & not other like CFB or OFB ?



>>>>> "Stephen" == Stephen Kent <kent@bbn.com> writes:

 Stephen> Paul,
 >> >>>>> "Chris" == Chris Trobridge <CTrobridge@baltimore.com>
 >> writes:
 >> 
 Chris> It does reinforce the advantages of authentication in ESP.  I
 Chris> don't know if I've come to the point of assuming ESP
 Chris> authentication is pretty much essential through this group or
 Chris> through discussions with customers, but what do others think?
 >>  I've been convinced by Steve Bellovin's papers that it is
 >> essential.  Unfortunately, we're not currently allowed to reject
 >> ESP with null authentication.  As far as I'm concerned, that's a
 >> bug, but unfortunately some feel differently.  We're definitely
 >> telling people in documentation not to skip authentication.
 >> 
 >> Both in software and hardware, there is no performance
 >> justification for omitting authentication.

 Stephen> I think the technical term here is "wrong" :-). 

Yes, I guess we're disagreeing on this point.  

 Stephen> In software
 Stephen> implementations, performing authentication on ESP packets
 Stephen> adds delay and may become a throughput limiting factor,
 Stephen> assuming serial processing.  In all systems it adds bytes
 Stephen> that must be transmitted.  In an era where our wireless
 Stephen> friends are pushing for certificate lite, and people are
 Stephen> hacking TCP at intermediate points to improve performance,
 Stephen> the extra 12 bytes of authentication data may be the
 Stephen> proverbial straw in some instances.

I find these arguments singularly unconvincing in the light of Moore's 
Law and its data comm equivalent (where the time constant is, if
anything, shorter).  Thus I tend to say nasty things when I look at
things like PPP header compression, or 3 byte integers in ATM SVC
signalling protocols, and other stuff designed with the notion that
every byte is precious.  Those tradeoffs, in my opinion, do far more
harm than good.  If they can be justified at all, it is only for the
short time the underlying assumptions were valid.  But the harmful
side effects in added complexity last far longer. 

	paul
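The point Paul is defending (that ESP with null authentication is a bug) can be shown concretely. The following is an added example, not code from the thread or any IPsec implementation: a simplified ESP-style body (IV || AES-CBC payload) is optionally protected by a 12-byte HMAC-SHA1-96 ICV, then a single bit is corrupted in transit. Without the ICV the receiver accepts a packet whose plaintext has silently changed; with it, the packet is discarded. Keys, IV and payload are constructed values.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
)
// Constructed demo keys, not real SA material.
var encKey = []byte("0123456789abcdef")             // AES-128 key (hypothetical)
var authKey = []byte("demo-hmac-authentication-key") // HMAC-SHA1 key (hypothetical)
const icvLen = 12 // HMAC-SHA1-96: the 12 ICV bytes discussed in the thread
// icv computes the truncated HMAC-SHA1 over the IV and ciphertext.
func icv(body []byte) []byte {
	m := hmac.New(sha1.New, authKey)
	m.Write(body)
	return m.Sum(nil)[:icvLen]
}
// protect builds IV || AES-CBC(payload) and appends the ICV only when withICV is set.
func protect(payload, iv []byte, withICV bool) []byte {
	blk, _ := aes.NewCipher(encKey)
	ct := make([]byte, len(payload))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, payload)
	pkt := append(append([]byte{}, iv...), ct...)
	if withICV {
		pkt = append(pkt, icv(pkt)...)
	}
	return pkt
}
// unprotect verifies the ICV first (receiver discards on mismatch), then decrypts.
func unprotect(pkt []byte, withICV bool) (plain []byte, ok bool) {
	if withICV {
		body, tag := pkt[:len(pkt)-icvLen], pkt[len(pkt)-icvLen:]
		if !hmac.Equal(icv(body), tag) {
			return nil, false
		}
		pkt = body
	}
	blk, _ := aes.NewCipher(encKey)
	plain = make([]byte, len(pkt)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, pkt[:aes.BlockSize]).CryptBlocks(plain, pkt[aes.BlockSize:])
	return plain, true
}
// FlipDemo corrupts one IV bit in transit and reports acceptance and recovered plaintext.
func FlipDemo(withICV bool) (accepted bool, plain string) {
	payload := []byte("GET /index.html HTTP/1.0\r\n\r\n    ")     // 32 bytes, two AES blocks
	pkt := protect(payload, []byte("constructed-iv!!"), withICV) // constructed 16-byte IV
	pkt[0] ^= 0x01 // under CBC this flips bit 0 of plaintext byte 0; CBC alone cannot detect it
	out, ok := unprotect(pkt, withICV)
	return ok, string(out)
}
```

With null authentication the receiver accepts "FET /index.html ..." as valid data; with the ICV the same corruption is rejected before decryption.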


