[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2401bis Issue # 76 -- More explanation re: ESPv3 TFC padding &dummy packets



On Thu, 25 Sep 2003, Karen Seo wrote:

> Folks,
>
> Here's a description and proposed approach for:
>
> IPsec Issue #:	76
>
> Title:		More explanation re: ESPv3 TFC padding & dummy packets
>
> Description:
> ============
> Questions have been raised re: how much padding one should add and
> re: generation and discarding of dummy packets.  Should we add text
> explaining more about these topics?
>
>
> Proposed approach:
> ==================
> 2401bis will be modified with text along the lines of:
>
> "ESPv3 provides a facility to allow an arbitrary amount of padding to
> be appended to a packet, for traffic flow confidentiality, as well as
> a facility for efficient generation and discarding of "dummy"
> packets. Implementations SHOULD provide local management controls to
> enable the use of these capabilities on a per SA basis. The controls
> should specify which (if any) TFC features are to be employed, and
> provide parametric controls for the features.  For example, the
> controls might allow an administrator to generate random or fixed
> length dummy packets and to pad real packets to random or fixed
> lengths."
>
> Thank you,
> Karen

What about how often these dummy packets get sent, and the latency between
dummy packets.  Should this be a random stream or a fixed bandwidth stream?
Should the dummy data rate be configurable by the administrator?

--------------------------------------------------------------------------------
Tylor Allison
Principal Engineer

Secure Computing®
Protecting the world's most important networks (TM)
www.securecomputing.com
NASDAQ: SCUR

tylor_allison@securecomputing.com
--------------------------------------------------------------------------------