[Sis-csi] IPSec AH and SCPS-NP
Marc Blanchet
marc.blanchet at viagenie.ca
Thu Dec 7 11:32:51 EST 2006
Le 06-12-07 à 11:23, Ivancic, William D. (GRC-RCN0) a écrit :
> If I am going to tunnel, I don't think I would ever use SCPS-NP as
> I don't understand what the benefit would be.
I know that NP is "IP with less bits".
>
> My understanding is that one would use NP because your link is so
> confined that every bit counts. Thus SCPS-NP only makes sense to
> me as a gateway deployment. Likewise if one is using SCPS-NP, I
> believe one would use SCPS-SP as well because there simply would
> not be enough bandwidth to carry IPsec.
>
> Am I off-base hear or does that make sense?
>
> Now, the 100,000 dollar question. Has anyone deployed SCPS-NP? If
> not, will anyone deploy SCPS-NP?
then, why care taking significant efforts in trying to retrofit IPsec
into it?
Marc.
>
> Also, if one is addressing IPv4/NP one most certainly should also
> address IPv6/NP.
>
>
> Will
>
>
>
>
> ******************************
> William D. Ivancic
> Phone 216-433-3494
> Fax 216-433-8705
> Lab 216-433-2620
> Mobile 440-503-4892
> http://roland.grc.nasa.gov/~ivancic
>
>
>> -----Original Message-----
>> From: sis-csi-bounces at mailman.ccsds.org
>> [mailto:sis-csi-bounces at mailman.ccsds.org] On Behalf Of Marc Blanchet
>> Sent: Thursday, December 07, 2006 9:43 AM
>> To: Scott, Keith L.
>> Cc: Durst, Robert C.; sis-csi at mailman.ccsds.org; Feighery,Patrick D.
>> Subject: Re: [Sis-csi] IPSec AH and SCPS-NP
>>
>> Maybe my comment is dumb, but why don't tunnel
>> IPv*-with-IPsec into the payload of SCPS-NP (i.e. include the
>> whole IP header and payload into the payload of SCPS-NP) and
>> then you have "nothing" to do to support IPsec in NP, since
>> IPsec will be managed by IP devices. dumb?
>>
>> Marc.
>>
>> Le 06-12-06 à 15:28, Scott, Keith L. a écrit :
>>
>>> As part of our charter item to update existing CCSDS
>>> specifications, there is a rather old outstanding action item to
>>> update the SCPS Network Protocol (SCPS-NP) to support carriage of
>>> information needed for end-to-end IPSec AH across SCPS-NP networks.
>>>
>>> I put together some slides on this topic and placed them at
>> (http://
>>>
>> public.ccsds.org/sites/cwe/sis-csi/Public/Draft%20Documents/Carrying
>>> %20IPSEC%20Authentication%20Headers%20in%20SCPS-NP.ppt). The
>>> slides present three options with varying implications (one option
>>> uses only a new TPID but costs a byte, the other two have lower
>>> overhead but use bits from the NP control field).
>>>
>>> I'd like to open this up for disucussion and try to come to
>> a rough
>>> consensus before we go into the January meetings.
>>>
>>> --keith
>>>
>>> _______________________________________________
>>> Sis-CSI mailing list
>>> Sis-CSI at mailman.ccsds.org
>>> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi
>>
>>
>> _______________________________________________
>> Sis-CSI mailing list
>> Sis-CSI at mailman.ccsds.org
>> http://mailman.ccsds.org/cgi-bin/mailman/listinfo/sis-csi
>>
More information about the Sis-CSI
mailing list