
Re: transport-friendly ESP



>>>>> "Alex" == Alex Alten <Alten@home.com> writes:

 Alex> Frank, Thank you for your detailed analysis about why a block
 Alex> cipher like DES will not work for a core router.  It's a bit
 Alex> like saying why a 2400 baud modem won't work either.

I didn't see the message you're replying to; my guess is that it
appeared on the tf-esp list (which I don't see).

 Alex> Why can't we design, implement and verify a cipher that can
 Alex> meet these constraints you point out in such detail?  We are
 Alex> engineers who don't hesitate to design complex new protocols,
 Alex> yet when it comes to designing a new cipher we become extremely
 Alex> timid.

I should hope so.

Creating protocols is a completely trivial exercise by comparison, yet 
it's hard enough.  The number of competent cryptographers in the world 
is very small.  Many engineers are smart enough to know they are not
competent cryptographers.  (Unfortunately, some, either through
ignorance or otherwise, think that they are.)

I assume you know about the AES effort.  Apart from that, there are
additional existing cyphers that may be faster and/or more secure than 
DES.

 Alex> We know the asymptotic speed limit of any cipher, either an XOR
 Alex> or an indexed memory lookup operation.  Generally speaking on
 Alex> today's modern CPUs these are limited to how fast you can move
 Alex> data from main memory through the L2 & L1 caches and back out
 Alex> to main memory.  On a Pentium one can get 1.5 cycle/Byte, on a
 Alex> PPro 200 about 1 c/B, and on a PP II about .8 c/B.  Any extra
 Alex> computations should be simple, few in number and only on L1
 Alex> cached data.  I contend that it should be feasible to develop a
 Alex> cipher that can come close to meeting your performance and
 Alex> memory constraints.

I don't see that the CPU data moving timings have any relevance
whatsoever in a discussion about crypto on core routers.  Core routers 
don't do anything relating to forwarding in anything resembling a
general purpose CPU.

If you want to talk high speed crypto, you need to examine what the
state of the art allows for data rates in custom ASIC
implementations.  Those numbers are actually quite high, close to what 
core routers would need.  For example, a 1 Gb/s DES implementation was 
done back in 1992 (DEC SRC report #90).  And that one wasn't even
pipelined so you should be able to do quite a lot better with today's
densities. 

 Alex> However having said all that, I do agree that it will be a long
 Alex> time before the core routers would do any crypto.

That's probably true, but I'm not sure that performance is the
argument for it.  Rather, since end to end is the most useful way of
doing crypto, you wouldn't do it at core routers because they are not
at any end.

	paul

