ipsec October 2011 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: Re: [IPsec] [TICTOC] Review request for IPsec security fo

Re: [IPsec] [TICTOC] Review request for IPsec security for packet based synchronization (Yang Cui)

From: Kevin Gross <kevin.gross_at_nospam>
Date: Thu Oct 20 2011 - 02:15:06 GMT
To: Stephen Kent <kent@bbn.com>

We don't need decrypt and encrypt to take the same amount of time. We need
encrypt+decrypt from master to slave to take the same time as
encrypt+decrypt from slave to master.

On Wed, Oct 19, 2011 at 9:53 AM, Stephen Kent <kent@bbn.com> wrote:

> At 10:53 AM -0400 10/19/11, Danny Mayer wrote:
>> On 10/18/2011 12:42 PM, Kevin Gross wrote:
>>> It does seem reasonable to consider modeling encryption and decryption
>>> in as part of network latency. As long as delays introduced are the same
>>> each direction, the sync protocols will naturally subtract out this
>>> contribution.
>> I very much doubt that encryption and decryption take the same length of
>> time but I'm sure people with experience with this will be able to tell
>> us definitively. Almost certainly you will have asymmetric delays in the
>> network path anyway even if the path is identical in both directions.
>> Danny
> For most symmetric algs, and many modes of use, the times are the same.
> The timing tend to differ for asymmetric algs.
> Steve

-- Kevin Gross +1-303-447-0517 Media Network Consultant AVA Networks - www.AVAnw.com <http://www.avanw.com/>, www.X192.org

IPsec mailing list