[e2e] How TCP might look with always there ESP

Hilarie Orman HORMAN at volera.com
Tue Jul 17 10:50:37 PDT 2001


While what you say about checksums has some basis in theory, 
it is clearly wrong in practice.  There's reason to believe that the computation
necessary to produce even one undetectable corruption of a
SHA-1 hash is beyond feasible computation today.  Under the most
aggressive communication growth models, and under any error
model, an undetectable error under a SHA-1 hash would not
occur in less than 80 years.

SHA-1 is better than the 16-bit one's complement sum.

Hilarie

>>> Craig Partridge <craig at aland.bbn.com> 07/17/01 10:19AM >>>

In message <5.1.0.14.2.20010717091427.02495ea0 at localhost>, Robert Moskowitz wri
tes:

>First we would drop the CRC checksum.  All of the ESP auth methods are much 
>stronger.

Surprisingly no, you can't claim that one method of error detection is better
than another until and unless you define an error model to serve as the
basis of comparison.  ESP is no better than a checksum of the same length
in the absence of an error model (per the checksum discussion on this list
and Jonathan Stone's impending dissertation).

>But what about sequence numbers?  ESP has a seq # also.  Can it be used in 
>place of TCPs?  What restrictions need be placed on ESP's seq #?

You need to be able to wrap the ESP sequence number (TCP places no
constraints on the length of the data, ESP, with its requirement of
ever increasing sequence numbers, does) or link one ESP session with
another, seamlessly (which incidentally, we're already looking at in the
context of very high speed ESP support as the ESP sequence space is
too small).

Craig




More information about the end2end-interest mailing list