- From: Poul-Henning Kamp <phk@phk.freebsd.dk>
- Date: Sun, 17 Aug 2014 07:31:54 +0000
- To: Eliot Lear <lear@cisco.com>
- cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
--------
In message <53F0496A.9040307@cisco.com>, Eliot Lear writes:

>> By whitening the present HTTP plaintext traffic with TLS, even with
>> quite weak cipher-suites, we dramatically increase the cost of the
>> postanalysis step, instantly making that filter impossible.
>
>This presumes that the use of weak cipher suites is actually cheaper to
>the end points than strong ones. Is that really the case?

I think it is an implicit requirement that a COTS server can do 10Gbit/s.
Any algorithm which meets that in software is fine by me from a
performance point of view.

Notice that the breaking is most likely going to happen against a
short-ish key (32-40 bits) rather than against the algorithm.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 August 2014 07:32:19 UTC