VoIP over IPsec
Stephen Sprunk
stephen at sprunk.org
Tue Feb 18 19:11:31 UTC 2003
Thus spake "Vadim Antonov" <avg at kotovnik.com>
> In fact, a method to encrypt small parcels of data efficiently is
> well-known for decades. It is called "stream cypher" (surprise).
> Besides LFSR-based and other stream cyphers, any block cypher
> can be used in this mode. Its application to RTP is trivial and
> straightforward. Just leave the sequence number in clear text, so that
> the position in the stream is recoverable in case of packet loss.
Most stream modes are chained in some way to intentionally disrupt
decryption if part of the ciphertext is missing; that is why IPsec resets
the stream for each packet (currently).
When NIST was standardizing AES, they added CTR mode specifically to address
IPsec implementations. I think there's already been a draft out of the IRTF
on how to modify IPsec for this, but it's not something I've followed
closely.
> It also allows precomputation of the key stream, adding nearly zero
> latency/jitter to the actual packet processing.
You fail to note that this requires precomputing and storing a keystream for
every SA on the encrypting device, which often number in the thousands.
This isn't feasible in a software implementation, and it's unnecessary in
hardware.
S
Stephen Sprunk, CCIE #3723, K5SSS
"God does not play dice." --Albert Einstein
"God is an inveterate gambler, and He throws the dice at every possible opportunity." --Stephen Hawking
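The sequence-number-indexed keystream discussed in this exchange, as an added example that is not part of the original thread: the receiver derives its keystream position from the cleartext sequence number rather than from earlier packets, so a lost packet does not break decryption of the ones that follow. HMAC-SHA256 is assumed here as the keystream generator in place of a block cipher in CTR mode, and the 4-byte header and sample frames are constructed for the demo.

```python
"""Constructed demo: stream-encrypt RTP-like packets in CTR style, with the
keystream position derived from the cleartext sequence number, so the
receiver decrypts packet N+1 even when packet N never arrived.

Assumption (not from the thread): HMAC-SHA256 stands in for the block
cipher generating the keystream; a real design would use AES-CTR.
"""
import hashlib
import hmac
import struct

def keystream(key: bytes, seq: int, length: int) -> bytes:
    """Keystream for one packet, blocks indexed by (seq, block counter).
    Every (seq, counter) pair is unique under a key, so no two packets
    share keystream bytes; reuse would leak the XOR of two plaintexts.
    Nothing here depends on the payload, so it can be computed ahead."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">IQ", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])

def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Packet = 4-byte cleartext sequence number || payload XOR keystream.
    Confidentiality only: a deployed design adds an authentication tag."""
    ks = keystream(key, seq, len(payload))
    return struct.pack(">I", seq) + bytes(p ^ k for p, k in zip(payload, ks))

def open_packet(key: bytes, packet: bytes) -> tuple[int, bytes]:
    """Receiver reads seq from the clear header and regenerates the same
    keystream; no state from earlier packets is required."""
    (seq,) = struct.unpack(">I", packet[:4])
    body = packet[4:]
    ks = keystream(key, seq, len(body))
    return seq, bytes(c ^ k for c, k in zip(body, ks))

def demo_with_loss() -> list[bytes]:
    """Constructed traffic: three voice frames, the second is dropped."""
    key = b"\x11" * 32  # constructed demo key, never use a fixed key
    frames = [b"frame-0 audio", b"frame-1 audio", b"frame-2 audio"]
    wire = [seal(key, seq, f) for seq, f in enumerate(frames)]
    received = [wire[0], wire[2]]  # packet 1 lost in transit
    return [open_packet(key, p)[1] for p in received]
```

A receiver that instead tracked a running byte position across packets would fall out of step with the sender's keystream as soon as one packet went missing, which is the chaining behaviour the reply describes.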