- From: Phillip Hallam-Baker <hallam@gmail.com>
- Date: Tue, 17 Jul 2012 23:59:56 -0400
- To: Mike Belshe <mike@belshe.com>
- Cc: Martin J. Dürst <duerst@it.aoyama.ac.jp>, Doug Beaver <doug@fb.com>, Willy Tarreau <w@1wt.eu>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
RC4 is cheap but SHA2 is not.

Encryption without authentication is worthless. The principal security objective in TLS is to provide integrity, not confidentiality. If you lose integrity you are going to lose confidentiality even with 128 bit encryption.

RC4 is a stream cipher. It is fast but that's about all that can be said in its favor. If I care about confidentiality I am not going to want a stream cipher.

On Tue, Jul 17, 2012 at 11:44 PM, Mike Belshe <mike@belshe.com> wrote:
>
> On Tue, Jul 17, 2012 at 7:35 PM, "Martin J. Dürst" <duerst@it.aoyama.ac.jp> wrote:
>>
>> Hello Doug, everybody,
>>
>> On 2012/07/18 7:11, Doug Beaver wrote:
>>
>>> * Symmetric crypto costs are not much higher; I think Akamai quoted 10-20%
>>> in their response. I think the costs aren't a big deal for major sites;
>>
>> Just a quick question: I think if we could shave off 10-20% of the
>> bandwidth with some new technique, we'd all go for it.
>
> Symmetric crypto (RC4) is super super cheap - a couple of XORs - definitely
> not 10-20% of CPU. I'd like to see that measured again before taking action
> upon it. Obviously, if you use expensive crypto (presumably because you
> want it), some algorithms take more CPU
>
> mike
>
>> So why are we okay with 10-20% more processing costs for everybody, but
>> not with 10-20% more bandwidth? What's different between processing costs
>> and bandwidth?
>>
>> Regards, Martin.
>>
>

--
Website: http://hallambaker.com/
Received on Wednesday, 18 July 2012 04:00:23 UTC
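
The point made in the message above about stream ciphers needing authentication, as an added example that is not part of the original thread: ciphertext from an unauthenticated stream cipher can be altered in transit and still decrypts cleanly, while an HMAC-SHA256 tag over the ciphertext rejects the change. The keystream here is a SHA-256 counter-mode stand-in rather than RC4, and all function names and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, n):
    # Stand-in stream cipher (assumption): SHA-256 in counter mode, not RC4.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stream_crypt(key, nonce, data):
    # Encrypt and decrypt are the same operation for a stream cipher.
    return xor(data, keystream(key, nonce, len(data)))

def seal(enc_key, mac_key, nonce, plaintext):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = stream_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return stream_crypt(enc_key, nonce, ct)

def modify_in_transit(ct, offset, old, new):
    # XORing (old ^ new) into the ciphertext changes the plaintext the same
    # way, with no knowledge of the key.
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

def demo():
    enc_key, mac_key, nonce = os.urandom(16), os.urandom(32), os.urandom(12)
    message = b"amount=0100&to=alice"  # constructed sample message
    ct, tag = seal(enc_key, mac_key, nonce, message)
    altered = modify_in_transit(ct, 7, b"0100", b"9900")
    accepted_without_mac = stream_crypt(enc_key, nonce, altered)
    try:
        open_sealed(enc_key, mac_key, nonce, altered, tag)
        rejected_with_mac = False
    except ValueError:
        rejected_with_mac = True
    return accepted_without_mac, rejected_with_mac

if __name__ == "__main__":
    print(demo())
```

The per-record HMAC is the SHA2 cost the message refers to; the XOR with the keystream is the cheap part.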