[hiprg] A more byte efficient ESP suite
Robert Moskowitz <rgm@htt-consult.com> Wed, 09 February 2011 22:13 UTC
Return-Path: <rgm@htt-consult.com>
X-Original-To: hiprg@core3.amsl.com
Delivered-To: hiprg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 842423A6826 for <hiprg@core3.amsl.com>; Wed, 9 Feb 2011 14:13:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TKIhKfsl8Wr3 for <hiprg@core3.amsl.com>; Wed, 9 Feb 2011 14:13:35 -0800 (PST)
Received: from klovia.htt-consult.com (klovia.htt-consult.com [208.83.67.149]) by core3.amsl.com (Postfix) with ESMTP id 919CA3A67F6 for <hiprg@irtf.org>; Wed, 9 Feb 2011 14:13:35 -0800 (PST)
Received: from localhost (unknown [127.0.0.1]) by klovia.htt-consult.com (Postfix) with ESMTP id 6EFDB62ABF for <hiprg@irtf.org>; Wed, 9 Feb 2011 22:13:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at localhost
Received: from klovia.htt-consult.com ([127.0.0.1]) by localhost (klovia.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FAA3hRiRx8+b for <hiprg@irtf.org>; Wed, 9 Feb 2011 17:13:14 -0500 (EST)
Received: from nc2400.htt-consult.com (nc2400.htt-consult.com [208.83.67.155]) (Authenticated sender: rgm@htt-consult.com) by klovia.htt-consult.com (Postfix) with ESMTPSA id 530B762AB9 for <hiprg@irtf.org>; Wed, 9 Feb 2011 17:13:14 -0500 (EST)
Message-ID: <4D531179.1030404@htt-consult.com>
Date: Wed, 09 Feb 2011 17:13:13 -0500
From: Robert Moskowitz <rgm@htt-consult.com>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101209 Fedora/3.1.7-0.35.b3pre.fc14 Thunderbird/3.1.7
MIME-Version: 1.0
To: "hiprg@irtf.org" <hiprg@irtf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [hiprg] A more byte efficient ESP suite
X-BeenThere: hiprg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Host Identity Protocol \(HIP\) Research Group" <hiprg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/hiprg>
List-Post: <mailto:hiprg@irtf.org>
List-Help: <mailto:hiprg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hiprg>, <mailto:hiprg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Feb 2011 22:13:36 -0000
I have been pushed by a number of engineers working in resource constrained networks to 'fix' the ESP per IP packet overhead. Many just want to use dTLS, as (in theory) it could be spaning multiple IP datagrams (though I wonder if that is frequently true in these use scenarios). So please help me with my analysis: ESP takes at most 12 bytes: 4 SPI 4 Seq# 4 padding (though I would really like to get a better understanding of padding overhead) CCM (the primary candidate) takes: 8 IV 8-16 ICV So ESP-CCM is 28-36 bytes. But if your IV for CCM is a counter, and not a LFSR, and you use the ESP ESN, you 'compress' out the 8 byte IV from CCM for 20-28 bytes. Now note that when we were first doing CCM for ESP, I proposed this and actually did a rough draft, but Steve Kent insisted that LFSR be supported as well and that the IV always be explicit, giving us the CCM cipher for ESP we have today. 8 bytes IS a big deal to constrained networks (10% of the datapayload on 802.15.4). Has there been any discussions anywhere on this sort of optimization?
- [hiprg] A more byte efficient ESP suite Robert Moskowitz