ipsec November 2007 archive
Main Archive Page > Month Archives  > ipsec archives
ipsec: [IPsec] Re: ESP's use of dummy packets?

[IPsec] Re: ESP's use of dummy packets?

From: Stephen Kent <kent_at_nospam>
Date: Fri Nov 30 2007 - 19:47:20 GMT
To: Csaba Kiraly <kiraly@dit.unitn.it>


>I would also like to take the occasion to say that we have made some
>efforts to extend the Traffic Flow Confidentiality capabilities of
>IPsec. In our research we were trying to create a separate TFC
>security protocol, which goes beyond the limited TFC capabilities
>that were already included in ESPv3. We have included support for
>size modifications such as padding (with explicit payload size
>information), fragmentation and aggregation. It also supports packet
>re-timing, as well as dummy generation and discarding. Finally, the
>choice of the masking algorithm combining one or more of these basic
>tools is handled separately.

Since 4303 already provides for arbitrary padding, and efficient dummy packet generation and discarding, presumably the additional features to which you refer are a management interface to control these extant features, plus packet re-timing and the fragmentation and aggregation features that help optimize channel bandwidth?


IPsec mailing list