On Tue, 18 Dec 2007, Eric Rescorla wrote:

At Mon, 17 Dec 2007 17:30:24 -0500,
Philip Matthews wrote:
In all three proposals, media packets would flow directly between
X and Y, and not hop-by-hop around the overlay. So when ESP was used,
there would be no need to use SRTP for media, or TLS or DTLS for
signaling.

This is arguably a bug, not a feature.

SRTP was explicitly designed to have very low overhead: just the
bits of the authentication tag itself, with no header, etc. The
rationale for this design was that RTP packets tend to be very
small and so the overhead for the header, IV, etc. was significant.
In cases where that type of constraint applies, then wrapping the
RTP in ESP would be bad.

I think the difference is around 18 bytes:

http://dasan.sejong.ac.kr/~wisa04/ppt/1A1.ppt

In practice, the difference is insignificant according to these results:

Bilien et al.: Secure VoIP: call establishment and media protection:
http://www.minisip.org/publications/secvoip-minisip-camera.pdf

Currently, all three (public) HIP implementations support BEET-mode-ESP by default. It has exactly the same byte overhead as transport mode.

--
Miika Komu                                       http://www.iki.fi/miika/

_______________________________________________
P2PSIP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/p2psip
