[linux-elitists] Re: Looking back ten years: Another Cypherpunksfailure (fwd)

[Derek Atkins]

Matt Crawford <crawdad at fnal.gov> writes:

> > There are other problems with using IPsec for VoIP..  In many cases
> > you are sending a large number of rather small packets of data.  In
> > this case, the extra overhead of ESP can potentially double the size
> > of your data.
> 
> HOW small?  You'd already be adding IP+UDP+RTP headers (20 [or 40] +
> 8 + 12 = 40 [or 60] bytes).  Using ESP with authentication would add
> another 22, plus possible explicit IV and padding, if needed -- call
> it 30?
> 
> 20ms of uncompressed telephone quality data is 160 bytes ...

8-bit u-law (standard telephone quality) is 56kb/sec.  20ms at that
rate is 140 bits (I guess you assumed 64kb/sec to get 160 bits?).
However, many audio codecs in common use (e.g. G7.11) output a
bit-rate much smaller than 8-bit u-law, to the point were we're really
talking about 20-30 bytes of data for that same 20ms of audio.  Yes,
we're talking 8-12kb/sec codecs.  This means that in order to send 20
bytes of data you're already adding 60 bytes (or a factor-of-three
increase), not to mention the extra 22 (or more) for ESP.

The other thing to keep in mind is that IP+UDP+RTP can be compressed
using standard header-compression techniques, which pretty much
eliminates most of that extra overhead.  So, maybe your
factor-of-three increase that we're seeing above is now reduced to a
factor-of-one increase.  The problem is that if you use ESP then your
UDP and RTP headers are now encrypted within the ESP, thereby
destroying your chance for any kind of header compression.

-derek

-- 
       Derek Atkins, Computer and Internet Security Consultant
       IHTFP Consulting (www.ihtfp.com)
       derek at ihtfp.com
       



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com