Re: [PMOL] Re: A question about [Fwd: WG Review: Performance Metrics at Other Layers (pmol)]

Steven M. Bellovin wrote:
> On Wed, 14 Nov 2007 22:43:01 -0800
> Joe Touch <touch@xxxxxxx> wrote:
> 
>> Sam Hartman wrote:
>> ...
>>> Yes, Steve almost certainly did slow down any heavy CPU use during
>>> the time when he was doing the backup.
>>>
>>> Our point--Steve, Steve and I--is that for a lot of uses and a lot
>>> of users, no one cares.
>> Perhaps that's why everyone is using security. We don't have a
>> problem then.
>>
> I didn't say that; I said that performance generally isn't the issue.
> Often, there's a *perception* of a performance issue, because once
> there was. The bigger problem, in my opinion, is usability.  *Lots* of
> people use SSL, because they don't have to do anything.  SSL as used in
> https has lots of problems I won't go into here, but it is excellent
> protection against passive eavesdroppers.

While I'm sure your anecdotal laptop measurements are valid, there are
plenty of others who:
	- transfer large files over disks with more than 70Mbps of BW
		e.g., photos are now over 15MB/file, and videos larger
	- do enough with their CPU in the meantime that they would
	  notice when the OS was sharing it - e.g., photoshop

Why don't users turn on security on DSL lines? They do - VPNs, SSL, etc.
Sure, various protocols still have problems, as you note, but security
over low-speed links is largely a success story.

Why don't core Internet routers have security? Note that some router
vendors sell "IPv6" routers even though they don't come with IPsec HW,
and don't put IPsec in SW -- even though it begs the question of what
IPv6-IPsec should be called (IPv5.5?).

Why? They do more than ASCII email when they're trying to send packets,
have a SATA disk (even on laptops), and don't have - or want - CPU power
to burn (or even to share 50/50) to hide a very real performance problem.

Performance problems come in many flavors:
	- per packet overhead
	- algorithmic overhead
	- keying overhead
	- policy lookup overhead

All of these are real problems, and can cause performance to drop to a
small fraction of what's capable without security.

Hiding the problem with other debilitations hasn't made it go away.

Joe

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
