Re: Son-of-IKE Performance
Bill Sommerfeld <sommerfeld@east.sun.com> writes:
> I'd like to see a little more detail on the real impact of the key
> exchange on end-to-end latency.
Yes, I agree that this would be worthwhile. However, now we're getting
into the realm of measurement, not just desk analysis :) This is a
little difficult since some (all?) of these protocols are unimplemented.
There's also the issue of computational latency and parallelism.
I'm afraid this is going to at least require drawing timelines...
Anecdotally, I use Racoon and KAME and I find that it _feels_ pretty
terrible. OTOH, it might be misconfigured.
> At what point in each exchange can the initiator set up its outbound
> SA? Its inbound SA? Likewise for the responder.
Hugo brought up this point as well and I'll be looking over the
protocols to determine the answer. However, as Jan Vilhuber points
out, exactly when you can set up SAs isn't totally clearcut.
If anyone wants to offer some answers to these questions to help fill
the table I wouldn't complain :)
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/