W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2012

Re: HTTP2 Expression of Interest

From: Phillip Hallam-Baker <hallam@gmail.com>
Date: Tue, 17 Jul 2012 23:59:56 -0400
Message-ID: <CAMm+LwgXxJgwb036m1ts6X+pKvT09xELzgaO8FnFhuh80ej4sQ@mail.gmail.com>
To: Mike Belshe <mike@belshe.com>
Cc: Martin J. Dürst <duerst@it.aoyama.ac.jp>, Doug Beaver <doug@fb.com>, Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
RC4 is cheap but SHA2 is not.

Encryption without authentication is worthless. The principal security
objective in TLS is to provide integrity, not confidentiality. If you
lose integrity you are going to lose confidentiality even with 128 bit
encryption.


RC4 is a stream cipher. It is fast but thats about all that can be
said in its favor. If I care about confidentiality I am not going to
want a stream cipher.


On Tue, Jul 17, 2012 at 11:44 PM, Mike Belshe <mike@belshe.com> wrote:
>
>
> On Tue, Jul 17, 2012 at 7:35 PM, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>
> wrote:
>>
>> Hello Doug, everybody,
>>
>>
>> On 2012/07/18 7:11, Doug Beaver wrote:
>>
>>>    * Symmetric crypto costs are not much higher; I think Akamai quoted
>>> 10-20%
>>>      in their response. I think the costs aren't a big deal for major
>>> sites;
>>
>>
>> Just a quick question: I think if we could shave off 10-20% of the
>> bandwidth with some new technique, we'd all go for it.
>
>
> Symmetric crypto (RC4) is super super cheap - a couple of XORs - definitely
> not 10-20% of CPU.  I'd like to see that measured again before taking action
> upon it.  Obviously, if you use expensive crypto (presumably because you
> want it), some algorithms take more CPU
>
> mike
>
>>
>>
>> So why are we okay with 10-20% more processing costs for everybody, but
>> not with 10-20% more bandwidth? What's different between processing costs
>> and bandwidth?
>>
>> Regards,   Martin.
>>
>



-- 
Website: http://hallambaker.com/
Received on Wednesday, 18 July 2012 04:00:23 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 18 July 2012 04:00:30 GMT