Re: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I

To: bernard_aboba@hotmail.com
Subject: Re: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I
From: Paul Koning <pkoning@equallogic.com>
Date: Mon, 3 Dec 2001 10:35:12 -0500 (EST)
Cc: ips@ece.cmu.edu
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
References: <F167tlJI2NehG7XtDIF00006677@hotmail.com>
Sender: owner-ips@ece.cmu.edu

>>>>> "Bernard" == Bernard Aboba <bernard_aboba@hotmail.com> writes:

 Bernard> In our analysis of algorithms, we have been constrained by
 Bernard> the transforms existing or under development by IPsec WG. In
 Bernard> general, the IPsec WG takes it lead from NIST/ANSI, which
 Bernard> looks not only at performance and implementability in
 Bernard> hardware and software, but also security and intellectual
 Bernard> property issues. 

And indeed there are IP concerns relating to several of the proposed
"new modes".  One of them is subject to a license fee that appears to
be documented (not zero, not really close to zero, but arguably
tolerable).  Another is subject to a "reasonable and
non-discriminatory" statement from the owner, but I have seen the
default licensing terms from that company in the past and would not
agree that the phrase "reasonable" applies.  

 Bernard> ...Given that 3DES-CBC-I has already been standardized by ANSI,
 Bernard> it may be feasible to get an IPsec transform document
 Bernard> written and adopted as a work item by IPsec WG. If this can
 Bernard> happen, then it would be possible to argue the merits of
 Bernard> this algorithm versus the other ones under
 Bernard> consideration. Given the prevalence of 3DES-CBC however, I
 Bernard> suspect that the argument would be over whether 3DES-CBC-I
 Bernard> would become a MAY or a SHOULD implement, rather than a
 Bernard> MUST.

CBC-I is no less a hardware change than any other new mode.  So it's
not clear why it would be useful to work on that rather than on other
new modes.  Perhaps if there aren't IP issues with it?

Given that IPSec acts at the datagram level, you can do interleaving
on a packet basis.  In a high speed implementation, it is reasonable
to expect that there are several packets awaiting processing at a
time.  If so, they can each be run through separate processing
elements.  So the CBC bottleneck applies within a packet but not
across packets.  That's not to say that new modes aren't interesting
-- but it says that you can continue to improve performance in the
meantime. 

     paul

References:
- Re: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I
  - From: "Bernard Aboba" <bernard_aboba@hotmail.com>

Prev by Date: I-D ACTION:draft-ietf-ips-fcip-slp-01.txt
Next by Date: Re: iSCSI: abort task & abort task set
Prev by thread: Re: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I
Next by thread: RE: Choice of ESP alg. for IPS/IPSec - 3DES-CBC vs. 3DES-CBC-I
Index(es):
- Date
- Thread

Home

Last updated: Tue Dec 04 19:17:48 2001
7995 messages in chronological order