Re: Comments on draft-ietf-ipsec-new-auth-00.txt

Stephen Kent <kent@bbn.com> Thu, 15 May 1997 19:34 UTC

Received: from cnri by ietf.org id aa14861; 15 May 97 15:34 EDT
Received: from portal.ex.tis.com by CNRI.Reston.VA.US id aa16093; 15 May 97 15:34 EDT
Received: (from majordom@localhost) by portal.ex.tis.com (8.8.2/8.8.2) id PAA26224 for ipsec-outgoing; Thu, 15 May 1997 15:22:09 -0400 (EDT)
X-Sender: kent@po1.bbn.com
Message-Id: <v03007817afa000c133d7@[128.89.30.23]>
In-Reply-To: <199705142034.QAA06294@jekyll.piermont.com>
References: Your message of "Wed, 14 May 1997 16:00:59 EDT." <v03007807af9f9141a520@[128.89.30.23]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 15 May 1997 15:21:55 -0400
To: perry@piermont.com
From: Stephen Kent <kent@bbn.com>
Subject: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
Cc: ipsec@tis.com
Sender: owner-ipsec@ex.tis.com
Precedence: bulk

Perry,

	A good question, but one that requires translating from TCP window
measurements (in bytes) to IPSEC units (packets), as Steve Bellovin pointed
out.  I don't know who has the data to make this translation.  However, we
have seen some statistics cited that note modest numbers of packets
arriving out of order in some circumstances, and that prompted us to
abandon the window size of 1 that had been in a previous draft of AH.  It
is the lack of good data in this area, plus the move to bigger, faster
pipes, that makes it hard to figure out if 32 or 64 is big enough, although
such numbers seem reasonable for today's Internet.

Steve
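
Added example, not part of the message above and not code from the draft: a sketch of a receiver-side sliding-window replay check, run over a constructed arrival order to show why a window of 1 drops a packet that is merely reordered while a window of 32 accepts it. The bitmap approach and the names `replay_win`, `replay_check`, `dropped` and `SAMPLE` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Receiver state for one SA (hypothetical layout): highest sequence number
 * seen plus a bitmap of recent numbers (bit 0 = `top` itself). */
struct replay_win {
    uint32_t top;     /* highest authenticated sequence number so far */
    uint64_t seen;    /* bit i set => (top - i) already received */
    unsigned size;    /* window size in packets, 1..64 */
};

/* Returns 1 if seq is accepted (and records it), 0 if it is rejected as
 * a replay or as too old for the window. Call only after the packet's
 * integrity check has passed. */
static int replay_check(struct replay_win *w, uint32_t seq)
{
    if (seq == 0) return 0;                /* assumed: numbering starts at 1 */
    if (seq > w->top) {                    /* advances the window */
        uint32_t shift = seq - w->top;
        w->seen = (shift >= 64) ? 0 : (w->seen << shift);
        w->seen |= 1;
        w->top = seq;
        return 1;
    }
    uint32_t off = w->top - seq;
    if (off >= w->size) return 0;          /* older than the window */
    if (w->seen & (1ULL << off)) return 0; /* duplicate: replay */
    w->seen |= 1ULL << off;
    return 1;
}

/* Count how many packets of an arrival order are dropped for a window size. */
static int dropped(unsigned size, const uint32_t *order, int n)
{
    struct replay_win w = { 0, 0, size };
    int drops = 0;
    for (int i = 0; i < n; i++)
        drops += !replay_check(&w, order[i]);
    return drops;
}

/* Constructed sample: packets 1..8, with packet 3 arriving four places late. */
static const uint32_t SAMPLE[] = { 1, 2, 4, 5, 6, 7, 3, 8 };
int main(void)
{
    printf("window 1:  %d dropped\n", dropped(1, SAMPLE, 8));
    printf("window 32: %d dropped\n", dropped(32, SAMPLE, 8));
    return 0;
}
```

In this sample the late packet is accepted by any window of at least 5 packets, which is the kind of reordering-depth figure the message says is hard to obtain for real traffic.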