RE: draft-ietf-ipsec-ciph-aes-ctr-00.txt



>>>>> "Richard" == Richard Waterhouse <Waterhouse> writes:

 Richard> Henry Spencer replied
 >> The "noisy environment" is a link-level problem, not an IP-level
 >> problem, so it can be, should be, and is, solved with FEC at the
 >> link level.  That is the right approach for a number of reasons,
 >> not least the need to tailor the FEC to the characteristics of the
 >> noise environment.
 >> 
 Richard> In an ideal world this would be true. But in the real world
 Richard> there are a lot of networks (e.g., radio and wireless) where
 Richard> non-trivial
 Richard> noise is still seen by the higher layers. Therefore, even
 Richard> though it's not ideal, applications that need to run in such
 Richard> environments have to do FEC/CRC end-to-end. And they can't
 Richard> do it if the data carried in the packets is discarded, and
 Richard> not passed up, because of an ESP level authentication
 Richard> function.

I assume then that you would propose doing authentication (e.g., ESP
with null encryption) above the FEC layers, end to end?  If so, then
this will only work if you can guarantee that the pipe between those
authentication endpoints will never be shared, otherwise you have just
made the encryption useless via the Bellovin attack.

     paul