Hello IETF, I am new to LWIP/IPSEC. I read draft-mglt-lwig-minimal-esp. Here is my summary:
1. Don't use random SPI because getting randomness on small devices is expensive. This will of course leak privacy. If a vendor/app uses fixed SPI for his devices, then someone on the network can find out info of vendor/app. Also, why a device can generate random number for doing IKEv2, nonces etc. but not for generating SPI? 2. Storing sequence numbers is difficult so devices can use time. Getting time on small devices is actually much harder. Also is there some hard info that reading time is cheaper than reading sequence number from memory? I can also look at packets much later and tell when you sent a packet. 3. Don't use Traffic Flow Confidentiality again loosing privacy. 4. Don't use dummy packets again loosing privacy. 5. Reference rfc 8221 for IoT related crypto suites. I don't know why IETF would publish this document when they have rfc 6973. I want to see some actual performance from a real ESP implementation where privacy is protected and energy is saved by tweaking the TFC and how often dummy packet is sent. Ciao Heinrich
_______________________________________________ Lwip mailing list [email protected] https://www.ietf.org/mailman/listinfo/lwip
