And ESP compression could help applying TFC padding without consuming
a considerable amount of additional bandwidth.

You mean TFC pad to something that's not the MTU ?

Probably, but not necessary.

Not sure I see how compression + TFC makes smaller packets, unless your
TFC padding is very small or zero, which presumably means the attacker
can get it to become 0 for some cases?

It depends on the goal of TFC padding. To defend against a CRIME-like
attack it is enough to add some small (up to a dozen or two) random number of
bytes to each packet.
Using compression helps not to earn (much) additional bandwidth in this case.

Of course, if your goal is a full TFC, then you need to make each
packet equal in size (and even better if you emit them at equal intervals).

Valery.

Paul

_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec