
Re: [PMOL] Re: A question about [Fwd: WG Review: Performance Metrics at Other Layers (pmol)]

2007-11-15 07:37:47


Steven M. Bellovin wrote:
> On Wed, 14 Nov 2007 22:43:01 -0800
> Joe Touch <touch(_at_)ISI(_dot_)EDU> wrote:
>
>> Sam Hartman wrote:
>> ...
>>> Yes, Steve almost certainly did slow down any heavy CPU use during
>>> the time when he was doing the backup.
>>>
>>> Our point--Steve, Steve and I--is that for a lot of uses and a lot
>>> of users, no one cares.
>> Perhaps that's why everyone is using security. We don't have a
>> problem then.
>
> I didn't say that; I said that performance generally isn't the issue.
> Often, there's a *perception* of a performance issue, because once
> there was. The bigger problem, in my opinion, is usability.  *Lots* of
> people use SSL, because they don't have to do anything.  SSL as used in
> https has lots of problems I won't go into here, but it is excellent
> protection against passive eavesdroppers.

While I'm sure your anecdotal laptop measurements are valid, there are
plenty of others who:
        - transfer large files over disks with more than 70Mbps of BW
                e.g., photos are now over 15MB/file, and videos larger
        - do enough with their CPU in the meantime that they would
          notice when the OS was sharing it - e.g., photoshop

Why don't users turn on security on DSL lines? They do - VPNs, SSL, etc.
Sure, various protocols still have problems, as you note, but security
over low-speed links is largely a success story.

Why don't core Internet routers have security? Note that some router
vendors sell "IPv6" routers even though they don't come with IPsec HW,
and don't put IPsec in SW -- even though it begs the question of what
IPv6-IPsec should be called (IPv5.5?).

Why? They do more than ASCII email when they're trying to send packets,
have a SATA disk (even on laptops), and don't have - or want - CPU power
to burn (or even to share 50/50) to hide a very real performance problem.

Performance problems come in many flavors:
        - per packet overhead
        - algorithmic overhead
        - keying overhead
        - policy lookup overhead

All of these are real problems, and can cause performance to drop to a
small fraction of what's capable without security.

Hiding the problem with other debilitations hasn't made it go away.

Joe

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf