[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

low end (was RE: Son of IKE...)

To: IP Security List <ipsec@lists.tislabs.com>
Subject: low end (was RE: Son of IKE...)
From: Henry Spencer <henry@spsystems.net>
Date: Fri, 14 Jun 2002 14:24:04 -0400 (EDT)
In-Reply-To: <2F3EC696EAEED311BB2D009027C3F4F405869B0B@vhqpostal.verisign.com>
Sender: owner-ipsec@lists.tislabs.com

On Fri, 14 Jun 2002, Hallam-Baker, Phillip wrote:
> ...we can actually be fairly precise here, anything that needs IPSEC is
> going to also need the ability to communicate via IP. That immediately
> excludes processors with 64Kb memory spaces from rational consideration...

A rash statement, and not well founded in fact.  Even disregarding certain
historical examples which are arguably no longer relevant, TCP/IP is now
showing up in the embedded-computing market.  8-bit processors, some with
noticeably *less* than 64KB memory space, are now speaking IP, TCP, even
HTTP, over RS232 or even Ethernet, in very large numbers... and many of
those applications are at least potentially interested in security. 

Whether those applications are interested in IKE is a slightly different
question.  Many of them do intermittent, low-volume communications in a
fairly static topology, and their needs could probably be met quite well
with manual keying (in more ambitious cases, perhaps by a manually-keyed
master connection used to communicate new session keys for application-
specific connections). 

This doesn't mean that they aren't *interested* in IKE, mind you, only
that accommodating their fairly-severe constraints is probably a "nice to
have" rather than a firm requirement for IKE. 

Systems consisting, roughly, of a 33MHz 486 (no FPU) with 1MB each of RAM
and ROM run embedded variants of Linux, and are of strong interest to the
high-end embedded community, not least for their TCP/IP capabilities.
That's definitely within our sphere of interest. 

There is a large region between those two levels, where there is also
quite a bit of networking going on.  But I can't claim recent familiarity
with it and hence can't comment on it informatively. 

                                                          Henry Spencer
                                                       henry@spsystems.net

References:
- RE: Son of IKE: A proposal for moving forward
  - From: "Hallam-Baker, Phillip" <pbaker@verisign.com>

Prev by Date: RE: PMTU and NAT-Traversal problem
Next by Date: IPsec AH and ESP I-Ds; source address as possible SA selector for multicastSA?
Prev by thread: RE: Son of IKE: A proposal for moving forward
Next by thread: IPSec support for IPv6
Index(es):
- Date
- Thread