Re: On the Use of SCTP with IPsec

[Stephen Kent <kent@bbn.com>]

Angelos,

Creating a bunch of SPD entries would have an impact on steady state 
processing, except to the extent that one decorrelates the SPD (and 
it's newly created entries) and thus can cache them. This is because 
the base spec calls for a linear search of the SPD for every outbound 
packet. But, yes, if we're clever, this may be overcome to a great 
extent.

I'll have to look into the proposal in more detail, but it does seem 
that it might entail potentially greater steady state processing 
costs. Also, if I understand your comment, you're suggesting that we 
can keep current IKE payload formats, but change the processing of 
the content, which really is a protocol change. I'm not sure its 
preferable to focus so much on preservation of formats vs. processing 
in this case; either is a change of the protocol in the bigger 
implementation sense, right?

Steve

---

Follow-Ups:

• Re: On the Use of SCTP with IPsec
• From: "Angelos D. Keromytis" <angelos@keromytis.org>
• Re: On the Use of SCTP with IPsec
• From: "Jari Arkko" <jari.arkko@kolumbus.fi>

References:

• Re: On the Use of SCTP with IPsec
• From: "Angelos D. Keromytis" <angelos@keromytis.org>

---

• Prev by Date: Re: On the Use of SCTP with IPsec
• Next by Date: Re: On the Use of SCTP with IPsec
• Prev by thread: Re: On the Use of SCTP with IPsec
• Next by thread: Re: On the Use of SCTP with IPsec
• Index(es):
  • Main
  • Thread