[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPv4 Security redux
I don't really see the point of having multiple keys that are going
to be stored right next to each other in the same trusted kernel anyway,
but I guess if it's a real requirement we might as well add it.
The only case where I think it really makes sense to have multiple keys
is when you have multiple ciphers with different performance/security
tradeoffs.
Exactly. The Motorola SP3 box I saw at Interop runs at ~600 packets/sec.
The DES encryptors there ran at or near Ethernet speeds. If you want
another example, just consider triple-DES vs. DES.
A question here is how applicable the military multi-level
compartmental security model is to commercial applications.
Well, given CIPSO, I'd say it does apply.
Follow-Ups: