[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: new second mandatory IPsec cipher

To: Rodney Thayer <rodney@ssh.fi>
Subject: Re: new second mandatory IPsec cipher
From: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
Date: Wed, 14 Jul 1999 08:42:53 -0400
Cc: Sandy Harris <sandy.harris@sympatico.ca>, ipsec@lists.tislabs.com
In-reply-to: Your message of "Wed, 14 Jul 1999 09:49:12 +0200." <3.0.6.32.19990714094912.00897100@127.0.0.1>
Sender: owner-ipsec@lists.tislabs.com


In message <3.0.6.32.19990714094912.00897100@127.0.0.1>, Rodney Thayer writes:
>
>Blowfish setup time is really an issue.  I also don't buy the "it takes a
>lot of
>memory per context" argument, myself, but there are memory-challenged
>implementations where this is an issue.

Depends how many SAs you are going to have; for example, we have done
experiments with 20K SAs simultaneously active, and they take *a lot*
of memory (in the order of 80M, when all's said and done). Some people
are looking at about 100K SAs on a box for some operations, for a lot
of boxes. Memory's cheap, but chances are they won't use blowfish as
the default algorithm.
-Angelos

References:

Re: new second mandatory IPsec cipher

From: Rodney Thayer <rodney@ssh.fi>

Prev by Date: Re: new second mandatory IPsec cipher
Next by Date: No Subject
Prev by thread: Re: new second mandatory IPsec cipher
Next by thread: Re: new second mandatory IPsec cipher
Index(es):
- Main
- Thread