ipsec October 2011 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] [TICTOC] Review request for IPsec security fo

Re: [IPsec] [TICTOC] Review request for IPsec security for packet based synchronization (Yang Cui)

From: Danny Mayer <mayer_at_nospam>
Date: Wed Oct 19 2011 - 14:53:04 GMT
To: Kevin Gross <kevin.gross@avanw.com>

On 10/18/2011 12:42 PM, Kevin Gross wrote:
> It does seem reasonable to consider modeling encryption and decryption
> in as part of network latency. As long as delays introduced are the same
> each direction, the sync protocols will naturally subtract out this
> contribution.

I very much doubt that encryption and decryption take the same length of
time but I'm sure people with experience with this will be able to tell
us definitively. Almost certainly you will have asymmetric delays in the
network path anyway even if the path is identical in both directions.


> Kevin Gross
> On Fri, Oct 14, 2011 at 11:25 AM, Nico Williams <nico@cryptonector.com
> <mailto:nico@cryptonector.com>> wrote:
> The cost of crypto can be measured, and performance generally
> deterministic (particularly when there's no side channels in the
> crypto) (assuming no mid-crypto context switches), so that it should
> be possible to correct for the delays introduced by crypto (just as
> it's possible to measure and estimate network latency). Indeed,
> crypto processing will likely be more deterministic than network
> latency :)

IPsec mailing list