[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: What price security?

To: dpkemp@missi.ncsc.mil (David P. Kemp)
Subject: Re: What price security?
From: "Perry E. Metzger" <perry@piermont.com>
Date: Fri, 20 Jun 1997 11:45:43 -0400
cc: ipsec@tis.com
In-reply-to: Your message of "Fri, 20 Jun 1997 09:28:26 EDT." <199706201328.JAA17227@argon.ncsc.mil>
Reply-To: perry@piermont.com
Sender: owner-ipsec@ex.tis.com

David P. Kemp writes:
> > From: "Perry E. Metzger" <perry@piermont.com>
> >
> > I used to think that 3DES and other algorithms like it were "too
> > expensive".
> > 
> > Extensive day to day use of SSH taught me otherwise. I 3DES encrypt
> > ALL my network traffic these days -- backups, remote logins, the works
> > -- and I never notice the speed loss.
> 
> Nonetheless, there are applications (such as gigabit routers) where the
> processor-to-bandwidth ratio is smaller than pentium-over-modem.

No doubt.

Of course, one of the advantages of the Internet architecture is that
routers generally aren't communications endpoints (they are, but only
for a tiny amount of management traffic) so they generally aren't
going to be doing much encryption. It is only endpoint hosts with
gigabit speed networks that need to worry, and those are (currently)
rare, and probably by the time they are common processors will be
substantially faster.

For the edge case of Virtual Network equipment that has to go at high
speeds, well, gigabit speed 3DES chips are available, and cheap
compared to the rest of the router.

Perry

Follow-Ups:

Re: What price security?

From: Robert Moskowitz <rgm3@chrysler.com>

References:

Re: What price security?

From: dpkemp@missi.ncsc.mil (David P. Kemp)

Prev by Date: Re: ISAKMP encryption choices?
Next by Date: Re: What price security?
Next by thread: Re: New draft -- IPSEC AH
Index(es):
- Main
- Thread