[linux-elitists] Re: Looking back ten years: Another Cypherpunksfailure (fwd)

Enzo Michelangeli em at who.net
Mon Jan 28 19:41:07 EST 2002


> > There are other problems with using IPsec for VoIP..  In many cases
> > you are sending a large number of rather small packets of data.  In
> > this case, the extra overhead of ESP can potentially double the size
> > of your data.
>
> HOW small?  You'd already be adding IP+UDP+RTP headers (20 [or 40] +
> 8 + 12 = 40 [or 60] bytes).  Using ESP with authentication would add
> another 22, plus possible explicit IV and padding, if needed -- call
> it 30?
>
> 20ms of uncompressed telephone quality data is 160 bytes ...

True, but VoIP uses pretty efficient codecs, typically compressing by a
factor of 8 (G.729) to 10-12 (G.723.1). On the other hand, the payload of an
RTP packet may contain more than one frame (increasing the latency, of
course: see e.g. http://www.openh323.org/docs/bandwidth.html ).

Anyway, IPSEC (plus Kerberos/PKINIT) is the security mechanism chosen by the
PacketCable initiative:

http://www.packetcable.com/
http://www.packetcable.com/specs/PKT-SP-SEC-I05-020116.pdf

Enzo





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list