
Re: IPsec and TCP




Alex

Just want to throw in my two cents worth of support on your statement
in general.  As Phil points out the numbers may be a bit better
than yours, but in general we still seem to have a serious problem
with performance with most of the DES-like complex cryptography.

When we begin to scale the complex types beyond single user systems,
it appears that local encryption engines may be needed to maintain
reasonable ratios of users per server.  We have servers that today
maintain several hundred simultaneous TCP/IP connections.  Ideally
within a few years all of these connections would be encrypted.  I
think as we begin to scale cryptography into supporting systems that
support large numbers of simultaneous encrypted connections,
performance will be a huge issue.  For example, we have a group of
proxy servers running SSL and today our code measurements show that
they are running past 90% of the time in the encryption routines.

In the short term, until we can get encryption engines embedded into
(or near) the processors, we may need to make some reasonable choices
on the weights of encryption we plan to use.  In many cases, reserving
heavy weight encryptions like DES for critical/sensitive connections,
and using lighter weight cipher solutions to protect less critical
ones may make sense.  If we can't successfully use strong encryption
on all connections, we'd still like to be able to encrypt all of them
even if this requires use of lighter encryption forms for some.
There are a couple of good reasons to do this:
 1) We don't want to make it easy for someone to figure out which
    connections are important simply because they are the only ones
    encrypted.
 2) If we have all connections encrypted with a mix of encryption types
    running, an attacker must then expend considerable resources
    figuring out which type of encryption the connection is protected
    with before attempting to crack it and then perhaps only to find
    it was a download of a now out of date weather map.
 3) Make casual eavesdropping not quite so casual (i.e. Newt).  Even
    very light ciphers, especially if a lot of them are used, would
    take most of the fun out of eavesdropping with a scanner or sniffer
    simply by adding an element of work.

Hopefully some of the developers/vendors out there will run some
scaling tests soon and provide some feedback to the WG on "server"
performance.  I know some folks are planning to include the 
encryption engines with their platforms but I'd like to see some
raw unassisted numbers on just large servers.  It'd be a real help
to those of us trying to plan large scale deployment of encryption
and perhaps it would prove our performance fears with DES/3DES and
similarly complex encryptions unfounded.

Take care

|   Terry L. Davis, P.E.   |  Boeing Information & Support Services    |
|       206-957-5325       |  terry.l.davis@boeing.com.                |
   --------------- Sunday January 19,1997 07:51 PM PST ------------- 

