[Cryptography] Really good ideas, harsh reality, tailored covertraffic
Dan McDonald
danmcd at kebe.com
Thu Sep 3 15:36:41 EDT 2020
On Thu, Sep 03, 2020 at 10:00:16AM -0400, Paul Wouters wrote:
> https://tools.ietf.org/html/draft-ietf-ipsecme-iptfs-01
>
> This document describes a mechanism to enhance IPsec traffic flow
> security by adding traffic flow confidentiality to encrypted IP
> encapsulated traffic. Traffic flow confidentiality is provided by
> obscuring the size and frequency of IP traffic using a fixed-sized,
> constant-send-rate IPsec tunnel. The solution allows for congestion
> control as well.
It looks like an attempt to reduce bandwidth waste. One thing I worry about,
if IP packets can span multiple tunnel IP packets, won't end-to-end
performance suffer under even mild drop rates?
Dan
More information about the cryptography
mailing list