[e2e] Re: [Tsvwg] Really End-to-end or CRC vs everything else?

[David P. Reed]

At 04:52 PM 6/10/01 -0700, Dennis Ferguson wrote:
>Choices which are really good under some sets of circumstances are really
>bad under others.  For link-by-link protection from transmission errors we
>have the luxury of crafting the error detection to match the characteristics
>of the link, and even of changing it if the original choice is proven wrong,
>but end-to-end checksums are long-lived and are supposed to be able to treat
>the network stuff in between the ends as an ever-changing black box.  I
>have no idea how you design for this.

The traditional way to deal with this kind of non-statistical uncertainty 
is pretty straightforward.  What you do is assume that the error process is 
an *adversary* that knows everything about the protocol that can be known, 
and who *wins* the game if they can corrupt the data with a high enough 
probability.

The result of this thinking is that cryptographic message authentication is 
the appropriate answer.  A "key" chosen out of sight of the adversary, at 
random, is used to select from a range of functional transformations which 
are diverse enough so that without knowledge of the key, one cannot 
transform the datagram into an acceptable one.

For this, you don't need an "error model".






- David
--------------------------------------------
WWW Page: http://www.reed.com/dpr.html