[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What price security?

  As I've said, my experience at this point is that I rarely if ever
  notice the cost of encryption day to day, and I use it all the time --
  even on my home ethernet.

Like you, I have suspicions that I could drink less coffee if it was
simpler to turn it off per-app, and request just that when D/L big .tar.gz
from the wub. I guess systems management cudgels are designed to make this
'un-feature' knob er, hard on the knuckles, and thus less likely to be tweeked.
  And if its a small issue now, imagine what it will be like in two
  years, when Intel 300Mhz Pentium II machines are low to medium end
  home machines?

Modulo the issue of VR/MM exceeding current constraints of 128x128 boxlets
of action. If we have real VHS quality material flying around, things might
still be requiring a bit more bandwidth than we use now.

However, It seems to me that this comes down to the bandwidth-delay product
and as long as ipsec notes the effect of algorithms on end-to-end and per-link
costs in that sense, upper-layer architects can take that into account.

So does IPSEC alone impose enough added delay in the path to make bigwin and
other long-delay options important for preservation of service level? Does it
have impact on packetloss backoff and recovery strategies? Certainly at the
application level it would, there was a small amount of discussion about this
on one of the MBONE related lists, considering how application level streaming
media could use stream ciphers with lossy protocols. the recovery issues seem
to me to be messy in space and time, but block ciphers would seem to carry
much more overhead.

Is this a no-win situation that just has to be borne?


George Michaelson         |  connect.com.au pty/ltd
Email: ggm@connect.com.au |  c/o AAPT,
Phone: +61 7 3834 9976    |  level 8, the Riverside Centre,
  Fax: +61 7 3834 9908    |  123 Eagle St, Brisbane QLD 4000