Hi, Steve, Stephen Kent wrote: > Joe, > > I disagree with your suggestion "The software performance of security > protocols has been the more substantial issue, and is likely to continue > to be for the forseeable future." > > I suspect that most desktop users do not need hardware crypto for > performance. Irarely if ever drive my GiGE interface at its line rate. It's not hard to drive it high enough to see a substantial impact (300+Mbps); when I turn on S/W crypto, that drops to less than 1/3 at best. See the paper below. > With fast processors, especially multi-core processors, we have enough > cycles to do symmetric crypto at data rates consistent with most > application demands for individual users. Public key operations for key > management are usually low duty cycle, so they too can be accommodated. Public key is less the issue. See the following for recent measurements using multicore processors - FWIW, this will peg the processing of a modern CPU just to reach over 100Mbps: J. Touch, Y. Yang, "Reducing the Impact of DoS Attacks on Endpoint IP Security,"Proc. NPSec 2006, in conjunction with ICNP 2006, Nov. 2006. http://www.isi.edu/touch/pubs/npsec2006 Joe
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf