[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ESPv3 TFC padding

To: <ipsec@lists.tislabs.com>
Subject: ESPv3 TFC padding
From: Tylor Allison <allison@securecomputing.com>
Date: Tue, 12 Aug 2003 08:29:39 -0500 (CDT)
Sender: owner-ipsec@lists.tislabs.com

Hi,

I have a few questions on what folks are doing for the Traffic-Flow
Confidentiality (TFC) padding for ESPv3.  Is there an algorithm being
deployed for determining how much padding to add, or is that implementation
specific?  Sorry, I couldn't find any documentation for this feature,
outside of the ESPv3 draft.

I'm trying to figure out if it is best to use a random amount of TFC padding,
or to pad out to a certain size (e.g. segment size) for all packets.
It would seem that random padding probably isn't sufficient, as if you're
trying to mask small packets, adding a random pad will just result in a
bigger packet on average, but will still be discernable from a VPN which is
just passing large packets.

If this is truly implentation specific, I'll just pick what I think is
best.  But if there has been some discussion on this, or this is a draft
out there somewhere, I'd like to try and do as others are doing.

Thanks!

Tylor

--------------------------------------------------------------------------------
Tylor Allison
Principal Engineer

Secure Computing®
Protecting the world's most important networks (TM)
www.securecomputing.com
NASDAQ: SCUR
--------------------------------------------------------------------------------

Follow-Ups:
- Re: ESPv3 TFC padding
  - From: Stephen Kent <kent@bbn.com>
- Re: ESPv3 TFC padding
  - From: Henry Spencer <henry@spsystems.net>

Prev by Date: Re: revised IPsec processing model
Next by Date: Protocol Action: 'Using AES Counter Mode With IPsec ESP' to Proposed Standard
Prev by thread: New IKEv2 draft -09
Next by thread: Re: ESPv3 TFC padding
Index(es):
- Date
- Thread