I am mostly in agreement with Steve but I find the premise somewhat odd.
Crypto overhead is an issue for some applications but not so much at the bulk
end as the large number of small transactions end. Think web server doing a
thousand hits a second. Even that is manageable with crypto accelerators and
restart and such.
At the bulk end I would not see ssl as the ideal protocol for securing
distribution of online movies. Why would this be surprising? Why would we expect
one protocol to be optimal for every application?
For a start I would probably want to have a message layer encryption scheme so
that I only need to encrypt my file once, I would probably want the crypto to
support fast index lookup for chapter search and I would probably want DRM
features.
The reason we use ssl for everything is because it is deployed and it is easier
to adapt a deployed protocol than build from scratch.
I don't see the backup scenario as relevant either. Batch mode backup is a
legacy of the tape drive era. With tape drives and tapes costing an order of
magnitude more per gig than disk that era is over. If the backup medium is disk
volume shadowing makes much more sense.
Given that consumer targeted backup systems offering volume shadowing are
available for just over $500 for a 500Gb system the batch mode backup scenario
is obsolete.
Now if only the providers of that technology had thought about how I am to
protect my data against the house burning down...
Sent from my GoodLink Wireless Handheld (www.good.com)
-----Original Message-----
From: Steven M. Bellovin [mailto:smb(_at_)cs(_dot_)columbia(_dot_)edu]
Sent: Thursday, November 15, 2007 05:53 AM Pacific Standard Time
To: Joe Touch
Cc: Leslie Daigle; Stephen Kent; pmol(_at_)ietf(_dot_)org; Romascanu, Dan
(Dan); IESG; Sam Hartman; ietf(_at_)ietf(_dot_)org
Subject: Re: [PMOL] Re: A question about [Fwd: WG Review: Performance
Metrics at Other Layers (pmol)]
On Wed, 14 Nov 2007 22:43:01 -0800
Joe Touch <touch(_at_)ISI(_dot_)EDU> wrote:
Sam Hartman wrote:
...
Yes, Steve almost certainly did slow down any heavy CPU use during
the time when he was doing the backup.
Our point--Steve, Steve and I--is that for a lot of uses and a lot
of users, no one cares.
Perhaps that's why everyone is using security. We don't have a
problem then.
I didn't say that; I said that performance generally isn't the issue.
Often, there's a *perception* of a performance issue, because once
there was. The bigger problem, in my opinion, is usability. *Lots* of
people use SSL, because they don't have to do anything. SSL as used in
https has lots of problems I won't go into here, but it is excellent
protection against passive eavesdroppers.
--Steve Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf