- From: Ralph Spencer Poore <rspoore@ralph-s-poore.com>
- Date: Fri, 26 Apr 1996 00:38:57 -0500
- To: Tatu Ylonen <ylo@ssh.fi>
- Cc: ietf-tls@w3.org

At 01:06 AM 4/25/96 +0300, you wrote:
>I just wish to say that I also agree that special processing for
>pre-encrypted data is a Bad Idea. A 90-MHz Pentium can encrypt fast
>enough to completely fill an ethernet (the ethernet becomes the
>limiting factor), and the processing speed is doubling every year.
>
>The overhead from encryption is negligible for all but the most
>high-volume servers connected to the Internet by something faster than
>10Mbits/sec. (Unless you also do a lot of CPU-intensive processing
>that competes for CPU.)
>
>I don't think the complications from special handling are justified.
>
>As for pre-encryption with strong hardware algorithms, it does no harm
>to double-encrypt.
>
> Tatu
>

I agree it does no harm to double-encrypt (presuming the result isn't an import/export issue) and wasn't intentionally suggesting support for special handling of pre-encrypted data. The ability to use renegotiation with NULL-WITH-NULL CipherSpec before sending the file and resuming with the previous CipherSpec when it's done seems a small price if double-encryption were undesired.

Ralph Spencer Poore
rspoore@ralph-s-poore.com

Received on Friday, 26 April 1996 01:39:29 UTC