I am mostly in agreement with Steve but I find the premise somewhat odd.
Crypto overhead is an issue for some applications but not so much at the bulk end as the large number of small transactions end. Think web server doing a thousand hits a second. Even that is manageable with crypto accelerators and restart and such.
At the bulk end I would not see ssl as the ideal protocol for securing distribution of online movies. Why would this be suprising? Why would we expect one protocol to be optimal for every application?
For a start I would probaby want to have a message layer encryption scheme so that I only need to encrypt my file once, I would probably want the crypto to support fast index lookup for chapter search and I would probably want DRM features.
The reason we use ssl for everything is because it is deployed and it is easier to adapt a deployed protocol than build from scratch.
I don't see the backup scenario as relevant either. Batch mode backup is a legacy of the tape drive era. With tape drives and tapes costing an order of magnitude more per gig than disk that era is over. If the backup medium is disk volume shaddowing makes much more sense.
Given that consumer targetted backup systems offering volume shaddowing are available for just over $500 for a 500Gb system the batch mode backup scenario is obsolete.
Now if only the providers of that technology had thought about how I am to protect my data against the house burning down...
Sent from my GoodLink Wireless Handheld (www.good.com)
-----Original Message-----
From: Steven M. Bellovin [mailto:smb@xxxxxxxxxxxxxxx]
Sent: Thursday, November 15, 2007 05:53 AM Pacific Standard Time
To: Joe Touch
Cc: Leslie Daigle; Stephen Kent; pmol@xxxxxxxx; Romascanu, Dan (Dan); IESG; Sam Hartman; ietf@xxxxxxxx
Subject: Re: [PMOL] Re: A question about [Fwd: WG Review: Performance Metrics atOther Layers (pmol)]
On Wed, 14 Nov 2007 22:43:01 -0800
Joe Touch <touch@xxxxxxx> wrote:
> Sam Hartman wrote:
> ...
> > Yes, Steve almost certanily did slow down any heavy CPU use during
> > the time when he was doing the backup.
> >
> > Our point--Steve, Steve and I--is that for a lot of uses and a lot
> > of users, no one cares.
>
> Perhaps that's why everyone is using security. We don't have a
> problem then.
>
I didn't say that; I said that performance generally isn't the issue.
Often, there's a *perception* of a performance issue, because once
there was. The bigger problem, in my opinion, is usability. *Lots* of
people use SSL, because they don't have to do anything. SSL as used in
https has lots of problems I won't go into here, but it is excellent
protection against passive eavesdroppers.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf