[Sis-csi] IPSec AH and SCPS-NP

Ivancic, William D. (GRC-RCN0) william.d.ivancic at nasa.gov
Thu Dec 7 11:23:37 EST 2006


If I am going to tunnel, I don't think I would ever use SCPS-NP as I don't understand what the benefit would be. 

My understanding is that one would use NP because your link is so confined that every bit counts.  Thus SCPS-NP only makes sense to me as a gateway deployment.  Likewise if one is using SCPS-NP, I believe one would use SCPS-SP as well because there simply would not be enough bandwidth to carry IPsec.

Am I off-base hear or does that make sense?

Now, the 100,000 dollar question.  Has anyone deployed SCPS-NP?  If not, will anyone deploy SCPS-NP?

Also, if one is addressing IPv4/NP one most certainly should also address IPv6/NP.


Will




******************************
William D. Ivancic
Phone 216-433-3494
Fax 216-433-8705
Lab 216-433-2620
Mobile 440-503-4892
http://roland.grc.nasa.gov/~ivancic 
 

> -----Original Message-----
> From: sis-csi-bounces at mailman.ccsds.org 
> [mailto:sis-csi-bounces at mailman.ccsds.org] On Behalf Of Marc Blanchet
> Sent: Thursday, December 07, 2006 9:43 AM
> To: Scott, Keith L.
> Cc: Durst, Robert C.; sis-csi at mailman.ccsds.org; Feighery,Patrick D.
> Subject: Re: [Sis-csi] IPSec AH and SCPS-NP
> 
> Maybe my comment is dumb, but why don't tunnel 
> IPv*-with-IPsec into the payload of SCPS-NP (i.e. include the 
> whole IP header and payload into the payload of SCPS-NP) and 
> then you have "nothing" to do to support IPsec in NP, since 
> IPsec will be managed by IP devices. dumb?
> 
> Marc.
> 
> Le 06-12-06 à 15:28, Scott, Keith L. a écrit :
> 
> > As part of our charter item to update existing CCSDS  
> > specifications, there is a rather old outstanding action item to  
> > update the SCPS Network Protocol (SCPS-NP) to support carriage of  
> > information needed for end-to-end IPSec AH across SCPS-NP networks.
> >
> > I put together some slides on this topic and placed them at 
> (http:// 
> > 
> public.ccsds.org/sites/cwe/sis-csi/Public/Draft%20Documents/Carrying 
> > %20IPSEC%20Authentication%20Headers%20in%20SCPS-NP.ppt).  The  
> > slides present three options with varying implications (one option  
> > uses only a new TPID but costs a byte, the other two have lower  
> > overhead but use bits from the NP control field).
> >
> > I'd like to open this up for disucussion and try to come to 
> a rough  
> > consensus before we go into the January meetings.
> >
> >         --keith
> >
> > _______________________________________________
> > Sis-CSI mailing list
> > Sis-CSI at mailman.ccsds.org
> > http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi
> 
> 
> _______________________________________________
> Sis-CSI mailing list
> Sis-CSI at mailman.ccsds.org
> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi
> 



More information about the Sis-CSI mailing list