
Re: [RPSEC] rate limiting management traffic, redux



On Friday, Apr 18, 2003, at 22:08 Europe/Amsterdam, Stephen Kent wrote:

In other words: yes, your integrity check is cheaper than full AH, but is it worth the trouble to implement a new protocol in hardware? If I were buying crypto hardware, I'd rather have it do full line rate IPsec.

No disagreement about what would be ideal, just a matter of complexity and cost, which I have been told are concerns for some folks :-)
They are. Maybe we'll see hardware that can do line rate crypto in some places in the foreseeable future, for instance at the edges to protect against denial of service. But I'm pretty confident most people will not be happy doing line rate crypto on a 40 Gbps linecard just to protect a 1 Mbps max BGP session.

Currently IPsec ESP supports authentication and encryption, maybe this could be an additional IPsec service?

ESP mandates support for confidentiality plus integrity, or integrity only, or confidentiality only. Since the IPsec WG is trying to simplify the range of options, we're dropping mandatory support for confidentiality only. I don't see it as likely that we would add an "authentication tag not tied to the payload" option.
Does it make sense to reinvent the wheel here? Especially as we can at least reuse the anti-replay counter and possibly borrow some space from the initialization vector to store the tag. Obviously this mechanism would be entirely optional.

A tag formed from a truncated hash function output has the advantage that an attacker is not able to see all the output bits to try to work backwards to the key. But, we have not yet specified the function we will use to generate the tag, and so it's a bit premature to talk about whether a truncated output from that unspecified function is appropriate :-).
Agree. I was just pointing out that a bigger tag isn't necessarily better.
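As an added illustration (not code from this thread or from any IPsec implementation), this sketches the kind of lightweight integrity tag the exchange discusses: a truncated MAC bound to the anti-replay counter, checked against a sliding window before any crypto is done. The thread leaves the tag function unspecified; HMAC-SHA-256 truncated to 64 bits, the 64-entry window and the sample key and payload are all assumptions here.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # assumed: keep 64 of the 256 output bits (attacker never sees the rest)
WINDOW = 64   # assumed anti-replay window size, in sequence numbers


def make_tag(key: bytes, seq: int, payload: bytes) -> bytes:
    """Truncated HMAC over (sequence counter || payload), so the tag is bound to both."""
    full = hmac.new(key, struct.pack(">I", seq) + payload, hashlib.sha256).digest()
    return full[:TAG_LEN]


class Receiver:
    """Holds the anti-replay window state and verifies truncated tags."""

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.highest = 0      # highest sequence number accepted so far
        self.seen = set()     # accepted sequence numbers still inside the window

    def accept(self, seq: int, payload: bytes, tag: bytes) -> bool:
        # Cheap replay checks first: too old for the window, or already accepted.
        if seq <= self.highest - self.window or seq in self.seen:
            return False
        # Constant-time comparison so a tag mismatch does not leak timing.
        if not hmac.compare_digest(make_tag(self.key, seq, payload), tag):
            return False
        self.seen.add(seq)
        if seq > self.highest:
            self.highest = seq
            # Drop window state that has aged out.
            self.seen = {s for s in self.seen if s > self.highest - self.window}
        return True
```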

_______________________________________________
RPSEC mailing list
RPSEC@ietf.org
https://www1.ietf.org/mailman/listinfo/rpsec