Re: Traffic selectors, fragments, ICMP messages and security policy problems

[Mark Duffy <mduffy@quarrytech.com>]

At 09:19 AM 2/26/2004 -0500, Paul Koning wrote:
>I think Mark argued some in both direction (i.e., port selection as a
>workaround for poor crypto performance), but I agree with your view.
>If a feature is useful, it should be implementable at good
>performance.

Sorry, I fear that my earlier statement was unclear.  My concern is mainly 
that the standard be conducive to high-performance implementations.

I raised the notion of a high-speed implementation, some of whose peers are 
low speed implementations, as an example of a case where the low speed 
device could not handle encrypting all the traffic, forcing both the hi and 
low speed devices to go to port selectors in order to apply encryption more 
selectively.

--Mark