Stephen Kent wrote:
> Joe,
>
> This discussion seems to have moved from a discussion of crypto use on
> home/office computers, to use in routers. There is no good motivation
> for other than edge (CPE?) routers to make use of IPsec for subscriber
> traffic. BGP...
> use of IPsec to
> protect BGP is a non-starter, because of where in the router the
> processing would be done (given current router designs).

Yes - and that was the punchline that performance does matter.

> In any case,
> use of IPsec by routers is a very different topic than use in
> home/office computers and ought not be brought into this discussion.

They are two different things, agreed.

> As for the original topic, yes, performance hits come in various flavors
> when we discuss crypto protocol use. For example, there was a good paper
> at NDSS a few years ago that showed how "marshalling" of data in SSL
> implementations was a very big part of the performance hit. Nonetheless,
> the bottom line is that for mainstream users, most of us are not
> convinced that performance is the primary reason for not using crypto.

If "us" means crypto folk, I agree. If "us" means the rest of us - who
don't use crypto - I am not at all convinced.

There are a variety of other communities who want to use security - high
performance (grid, optiputer), enterprise (huge numbers of short
connections), etc. They all have different reasons for not using crypto
more, but writing off performance would be to continue a mistake.

I've made that point clear; whether it's actually heard or not isn't
something I have much control over, though.

Joe