RE: notes from developer's portion of IETF meeting

[ho@earth.hpc.org (Hilarie Orman)]

>   Btw, Dan, I think you're correct in stating why we are still
>   having this discussion and where it came from in the first place..

Not the way I remember it, but having followed this discussion for so many
years is nothing to be bragged about.

> Table 18.2 in Applied Cryptography, Second Edition, says that MD5 will
> do 174 Mbytes a second on a 33MHz 486SX...

Ridiculous by a factor of 100.  Note the spelling of snefru for an
indication of the dedication to accuracy in that table.

>   Optional integrity for ESP?  No.?  yes...?   I'd say no.

Well, for AH+ESP, my numbers indicate that would be a 10% to 30%
penalty, besides the bytes for the extra checksum.  A sort of heavy
penalty for authenticating the header.  All I'm saying is that you
must have SOME integrity, not that you need it twice.

>   Optional confidentiality for ESP?   I'd also say no. 

Unless you've got AH with it.  Why not use AH instead?  Because, it may well
turn out that at high speeds (> OC-3), AH will have regrettable performance
no overwhelming benefit.

Hilarie

---

Follow-Ups:

• RE: notes from developer's portion of IETF meeting
• From: Norman Shulman <norm@border.com>

---

• Prev by Date: RE: notes from developer's portion of IETF meeting
• Next by Date: Re: Comments on draft-ietf-ipsec-new-auth-00.txt
• Prev by thread: RE: notes from developer's portion of IETF meeting
• Next by thread: RE: notes from developer's portion of IETF meeting
• Index(es):
  • Main
  • Thread