RE: [tcpm] (no subject)
Yogesh.Swami@nokia.com Wed, 21 April 2004 23:47 UTC
Received: from optimus.ietf.org (optimus.ietf.org [132.151.1.19]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA01817 for <tcpm-archive@odin.ietf.org>; Wed, 21 Apr 2004 19:47:03 -0400 (EDT)
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGRMq-0001Wf-2d for tcpm-archive@odin.ietf.org; Wed, 21 Apr 2004 19:43:00 -0400
Received: (from exim@localhost) by www1.ietf.org (8.12.8/8.12.8/Submit) id i3LNh0iD005861 for tcpm-archive@odin.ietf.org; Wed, 21 Apr 2004 19:43:00 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGRCm-0004EJ-64 for tcpm-web-archive@optimus.ietf.org; Wed, 21 Apr 2004 19:32:36 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id TAA00538 for <tcpm-web-archive@ietf.org>; Wed, 21 Apr 2004 19:32:34 -0400 (EDT)
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BGRCk-0007Te-Ht for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:32:34 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BGRBf-0007Cn-00 for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:31:28 -0400
Received: from optimus.ietf.org ([132.151.1.19]) by ietf-mx with esmtp (Exim 4.12) id 1BGRAd-0006xD-00 for tcpm-web-archive@ietf.org; Wed, 21 Apr 2004 19:30:23 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=www1.ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGQqx-0000Jf-EP; Wed, 21 Apr 2004 19:10:03 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by optimus.ietf.org with esmtp (Exim 4.20) id 1BGQZp-0007so-F7 for tcpm@optimus.ietf.org; Wed, 21 Apr 2004 18:52:21 -0400
Received: from ietf-mx (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA27177 for <tcpm@ietf.org>; Wed, 21 Apr 2004 18:52:16 -0400 (EDT)
From: Yogesh.Swami@nokia.com
Received: from ietf-mx.ietf.org ([132.151.6.1] helo=ietf-mx) by ietf-mx with esmtp (Exim 4.32) id 1BGQZm-0006Cc-AZ for tcpm@ietf.org; Wed, 21 Apr 2004 18:52:18 -0400
Received: from exim by ietf-mx with spam-scanned (Exim 4.12) id 1BGQYr-00061k-00 for tcpm@ietf.org; Wed, 21 Apr 2004 18:51:21 -0400
Received: from mgw-x3.nokia.com ([131.228.20.26]) by ietf-mx with esmtp (Exim 4.12) id 1BGQY3-0005qZ-00 for tcpm@ietf.org; Wed, 21 Apr 2004 18:50:31 -0400
Received: from esdks001.ntc.nokia.com (esdks001.ntc.nokia.com [172.21.138.120]) by mgw-x3.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i3LMoOd22273; Thu, 22 Apr 2004 01:50:24 +0300 (EET DST)
X-Scanned: Thu, 22 Apr 2004 01:50:20 +0300 Nokia Message Protector V1.3.21 2004031416 - RELEASE
Received: (from root@localhost) by esdks001.ntc.nokia.com (8.12.9/8.12.9) id i3LMoK6W029095; Thu, 22 Apr 2004 01:50:20 +0300
Received: from mgw-int1.ntc.nokia.com (172.21.143.96) by esdks001.ntc.nokia.com 00GAm6FQ; Thu, 22 Apr 2004 01:50:18 EEST
Received: from daebh002.NOE.Nokia.com (daebh002.americas.nokia.com [10.241.35.122]) by mgw-int1.ntc.nokia.com (Switch-2.2.8/Switch-2.2.8) with ESMTP id i3LMoDs00802; Thu, 22 Apr 2004 01:50:14 +0300 (EET DST)
Received: from daebe004.NOE.Nokia.com ([10.241.35.104]) by daebh002.NOE.Nokia.com with Microsoft SMTPSVC(5.0.2195.6881); Wed, 21 Apr 2004 17:49:59 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.0.6487.1
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [tcpm] (no subject)
Date: Wed, 21 Apr 2004 17:50:00 -0500
Message-ID: <025E7DD4182874489CC2F61EE0FA19CE02885697@daebe004.americas.nokia.com>
Thread-Topic: [tcpm] (no subject)
Thread-Index: AcQn6utKfTFTgMLGTomeEZyOF0RQRAABlpVg
To: fw@deneb.enyo.de
Cc: tcpm@ietf.org
X-OriginalArrivalTime: 21 Apr 2004 22:49:59.0797 (UTC) FILETIME=[F9B1E250:01C427F2]
Content-Transfer-Encoding: quoted-printable
Sender: tcpm-admin@ietf.org
Errors-To: tcpm-admin@ietf.org
X-BeenThere: tcpm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=unsubscribe>
List-Id: TCP Maintenance and Minor Extensions Working Group <tcpm.ietf.org>
List-Post: <mailto:tcpm@ietf.org>
List-Help: <mailto:tcpm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/tcpm>, <mailto:tcpm-request@ietf.org?subject=subscribe>
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on ietf-mx.ietf.org
X-Spam-Status: No, hits=0.2 required=5.0 tests=AWL, NO_REAL_NAME autolearn=no version=2.60
Content-Transfer-Encoding: quoted-printable
Content-Transfer-Encoding: quoted-printable
> > then maybe routers can use IPSec with a well known permanent shared > > key with different session keys. This will be more secure, compared > > to this draft, and faster to deploy.) > > I don't think IPsec on core routers is faster to deploy. RFC 2385 > should be enough for now, but also has got its issues (higher CPU > consumption for processing packets). IPsec would share these issues > or would result in even more overhead. > I don't know much about router architectures, so I can't really comment whether IPSec or changing TCP is a better solution. But if I were to choose between a well defined protocol and a protocol that is still under discussion in the IETF, I would choose the former. > > Moreover, it will also be useful to specify if the proposed > solutions > > can use cryptography or not. Many people are not comfortable with > > cryptographic techniques partly because of throughput reasons. > > Exactly. Keep in mind that 200 MHz MIPS CPUs are widely deployed. > > > But in many cases it might be useful to have a low computation > > cryptographic methods to solve the problems without hurting the > > throughput. For example, a TCP sender with Time Stamp option could > > just encrypt the 32 bit timestamp using AES, and practically solve > > all the problems in this draft. > > What about a new TCP option which contains a few random bytes that are > constant for each connection? This option could be checked very > cheaply, maybe some day even by those ASICs which operate at > wirespeed. Will work too, but remember that DOFF only allows 15, 32 bit words for TCP options. With SACK, timestamps etc, there is not a lot of room left for new options. Of course this is not too big of a problem. > > > (I am not saying we should do this). Encrypting a 32 bit > > number doesn't take a lot of time/computation and the > receiver doesn't > > need to keep states to make this work. And, in principle it's not > > different from having a challenge response cookie.) > > You have to encrypt a full 128 bit block, and I doubt it would be much > cheaper than MD5/RFC 2385. > Yes it will be much cheaper. With MD5/RFC 2385, you compute the hash on the entire ~1400 byte packet. With AES or a different stream cipher, it could be a lot less computation. --Yogesh _______________________________________________ tcpm mailing list tcpm@ietf.org https://www1.ietf.org/mailman/listinfo/tcpm
- [tcpm] (no subject) Ted Faber
- [tcpm] (no subject) Yogesh.Swami
- Re: [tcpm] (no subject) Florian Weimer
- RE: [tcpm] (no subject) Yogesh.Swami
- Re: [tcpm] (no subject) Anantha Ramaiah
- [tcpm] (no subject) Anantha Ramaiah (ananth)
- [tcpm] TCP persist state issue. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP persist state issue. John Heffner
- Re: [tcpm] TCP persist state issue. Anantha Ramaiah (ananth)
- Re: [tcpm] TCP persist state issue. Joe Touch
- Re: [tcpm] TCP persist state issue. Anantha Ramaiah (ananth)
- [tcpm] (no subject) Eddy, Wesley M. (GRC-MS00)[Verizon]